Lucene search
+L

319 matches found

OSV
OSV
added 2025/03/09 6:15 a.m.4 views

CVE-2025-1382

The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS7.3AI score0.00165EPSS
Exploits1References1
OSV
OSV
added 2025/03/07 10:15 a.m.3 views

CVE-2024-9458

The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00823EPSS
Exploits3References1
OSV
OSV
added 2025/02/26 1:15 p.m.6 views

CVE-2024-13632

The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00352EPSS
Exploits1References1
OSV
OSV
added 2025/02/07 6:15 a.m.6 views

CVE-2024-13492

The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00563EPSS
Exploits1References1
OSV
OSV
added 2025/02/01 6:15 a.m.7 views

CVE-2024-13097

The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.4CVSS7.3AI score0.00668EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2025-43034

Name of the Vulnerable Software and Affected Versions xen affected versions not specified Description Certain hypercalls within xen can be specified in a manner that presents a security concern. The description does not provide details about the nature of the issue or any specific technical detai...

9.8CVSS6.6AI score0.00435EPSS
Exploits0References36
Packet Storm
Packet Storm
added 2024/10/30 12:0 a.m.323 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/07 12:0 a.m.267 views

ABB Cylon Aspect 3.08.01 (calendarFileDelete.php) Arbitrary File Deletion

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...

5.9AI score
Exploits0
OSV
OSV
added 2024/09/12 6:15 a.m.4 views

CVE-2024-8054

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.002EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.7 views

PT-2024-22539 · WordPress · Socialdriver-Framework

Name of the Vulnerable Software and Affected Versions: socialdriver-framework WordPress plugin versions prior to 2024.04.30 Description: The issue allows high privilege users, such as contributors, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html...

4.8CVSS6AI score0.0033EPSS
Exploits1References4
OSV
OSV
added 2024/07/13 6:15 a.m.5 views

CVE-2024-5284

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.8CVSS5.8AI score0.00241EPSS
Exploits1References1
OSV
OSV
added 2024/07/13 6:15 a.m.5 views

CVE-2024-5033

The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.9CVSS5.8AI score0.00209EPSS
Exploits1References1
NVD
NVD
added 2024/06/28 6:15 a.m.13 views

CVE-2024-5729

The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS0.00475EPSS
Exploits4References1
OSV
OSV
added 2024/06/07 6:15 a.m.7 views

CVE-2024-5003

The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.4CVSS5.8AI score0.00199EPSS
Exploits2References1
OSV
OSV
added 2024/05/23 6:15 a.m.6 views

CVE-2024-3917

The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00347EPSS
Exploits2References1
OSV
OSV
added 2024/05/21 6:15 a.m.7 views

CVE-2024-4372

The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00399EPSS
Exploits2References1
OSV
OSV
added 2024/05/15 6:15 a.m.3 views

CVE-2024-3822

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.8CVSS5.8AI score0.00741EPSS
Exploits2References1
OSV
OSV
added 2024/04/15 5:15 a.m.4 views

CVE-2024-1712

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7CVSS7.3AI score0.00484EPSS
Exploits2References1
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2023-7084

The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...

5.4CVSS7.3AI score0.00403EPSS
Exploits2References2
OSV
OSV
added 2024/01/16 4:15 p.m.5 views

CVE-2022-1618

The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads...

6.1CVSS5.9AI score
Exploits0References1
Rows per page
Query Builder