Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/06/29 5:19 p.m.6 views

CVE-2026-57948 Pinpoint - Insecure Session Cookie Attributes in pinpointJwt

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:19 p.m.17 views

CVE-2026-57948

Pinpoint (through version 3.1.0) has an insecure session management vulnerability where the pinpointJwt cookie lacks HttpOnly and Secure attributes. This allows JavaScript access via document.cookie and cleartext transmission over HTTP, enabling potential exfiltration of the session token via sto...

7.6CVSS5.6AI score0.00126EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 7:16 a.m.24 views

CVE-2026-8701

The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 via the title-ticker-slide, title-ticker-fade, and title-ticker-typing shortcodes. This is due to insufficient input sanitization and output escaping on shortcode attributes notably border,...

6.4CVSS0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.4 views

PT-2024-39638 · WordPress · Display Medium Posts

Name of the Vulnerable Software and Affected Versions: Display Medium Posts plugin for WordPress versions up to, and including, 5.0.1 Description: The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display medium posts shortcode due to...

6.4CVSS6.3AI score0.00296EPSS
Exploits0References8
OSV
OSV
added 2021/09/20 10:15 a.m.4 views

CVE-2021-24525

The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by...

5.4CVSS5.8AI score0.00624EPSS
Exploits2References1
Rows per page
Query Builder