Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 6:0 a.m.7 views

CVE-2026-8172

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.42 views

CVE-2026-41697

CVE-2026-41697 affects Spring Data Relational/JDBC/R2DBC across multiple versions (4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.4.0–2.4.19). The root cause is improper escaping of binding values for StringMatcher (STARTING, ENDING, CONTAINING)...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26473

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The clean title field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

8.2CVSS5.9AI score0.00216EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.4 views

WordPress plugin SpiderContacts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS6.6AI score0.00326EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.7 views

PKP Open Journals System Cross-Site Scripting Vulnerability

PKP Open Journals System is a journal system. A cross-site scripting vulnerability exists in PKP Open Journals System prior to version 3.3.0-16, which stems from the fact that certain inputs are not escaped and can be exploited by an attacker to inject malicious script into a web site...

5.4CVSS6.1AI score0.00411EPSS
Exploits1References3
OSV
OSV
added 2023/05/15 1:15 p.m.5 views

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

9.8CVSS7.4AI score0.04234EPSS
Exploits2References1
Rows per page
Query Builder