Lucene search
+L

260 matches found

Cvelist
Cvelist
added 2026/04/08 6:43 a.m.24 views

CVE-2026-5169 Inquiry form to posts or pages <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS0.00254EPSS
Exploits0References7
CVE
CVE
added 2026/04/08 6:43 a.m.17 views

CVE-2026-5169

CVE-2026-5169 concerns the WordPress plugin “Inquiry Form to Posts or Pages” (versions

4.4CVSS6.1AI score0.00254EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Inquiry Form to Posts or Pages 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS5.6AI score0.00254EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/07 11:22 p.m.7 views

WordPress Inquiry form to posts or pages plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Header Field vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Form Header Field vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

4.4CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:28 a.m.3 views

CVE-2026-4347

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generateuserfilepath' function and the 'movetempfiletouploaddir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...

8.1CVSS6.6AI score0.01273EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.12 views

Pegasystems Pega Robot Studio 安全漏洞

Pegasystems Pega Robot Studio is an RPA Robotic Process Automation integration development environment provided by Pegasystems Corporation in the United States. There is a security vulnerability in Pegasystems Pega Robot Studio. This vulnerability stems from the possibility of arbitrary file...

9CVSS6AI score0.00321EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/03/04 7:0 p.m.8 views

How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers

A pair of US lawmakers are calling for an investigation into how easily spies can steal information based on devices’ electromagnetic and acoustic leaks—a spying trick the NSA once codenamed TEMPEST...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/30 3:40 p.m.7 views

CVE-2026-1589

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...

9.8CVSS5.8AI score0.00379EPSS
Exploits1References1
OSV
OSV
added 2026/01/29 3:16 p.m.5 views

CVE-2026-1589

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...

9.8CVSS5.8AI score0.00379EPSS
Exploits1References5
NVD
NVD
added 2026/01/29 3:16 p.m.8 views

CVE-2026-1589

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...

9.8CVSS0.00379EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/29 2:2 p.m.6 views

CVE-2026-1589 itsourcecode School Management System index.php sql injection

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...

7.5CVSS5.8AI score0.00379EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:2 p.m.3 views

CVE-2026-1589

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...

7.5CVSS5.8AI score0.00379EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/01/29 2:2 p.m.8 views

EUVD-2026-4987

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed an...

7.5CVSS5.8AI score0.00379EPSS
Exploits1References5
CVE
CVE
added 2026/01/29 2:2 p.m.18 views

CVE-2026-1589

The CVE-2026-1589 entry affects itsourcecode School Management System 1.0. A SQL injection vulnerability exists in the /ramonsys/inquiry/index.php file, triggered by manipulating the txtsearch argument. This can be exploited remotely and has public disclosure. Affects an unknown function within t...

9.8CVSS5.8AI score0.00379EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.7 views

ITSsourcecode School Management System SQL Injection Vulnerability

itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “txtsearch” in the file...

9.8CVSS7.2AI score0.00379EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/01/26 11:8 a.m.12 views

WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Email Inquiry & Cart Options for WooCommerce versions = 3.4.3...

6.5CVSS5.9AI score0.00198EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.12 views

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

6.5CVSS5.8AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.6 views

CVE-2026-24526

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

6.5CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 2:28 p.m.32 views

CVE-2026-24526 WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

6.5CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/23 2:28 p.m.3 views

CVE-2026-24526 WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a throu...

6.5CVSS5.8AI score0.00198EPSS
Exploits0References1
Rows per page
Query Builder