Lucene search
K

12 matches found

CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

WordPress plugin Quick Interest Slider 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.8AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.4 views

Joomla! CMS 跨站脚本漏洞

Joomla! CMS is an open source content management system for Joomla! A cross-site scripting vulnerability exists in Joomla! CMS that stems from insufficient output escaping, which could lead to cross-site scripting attack vectors in the pagebreak plugin...

8.4CVSS5.8AI score0.00175EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/29 9:26 a.m.8 views

CVE-2025-5398

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This mak...

6.4CVSS6AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.5 views

WordPress plugin Post Status Notifier Lite and Premium 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS5.7AI score0.00291EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/30 3:26 p.m.39 views

CVE-2024-47531 Scout contains insufficient output escaping of attachment names

Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and...

4.6CVSS0.00311EPSS
Exploits1References2
OSV
OSV
added 2024/05/14 7:38 a.m.44 views

BIT-WORDPRESS-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

7.2CVSS6.1AI score0.70822EPSS
Exploits4References6
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.5 views

WordPress plugin ConveyThis 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS6.6AI score0.00389EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/03/27 12:0 a.m.187 views

Elementor Website Builder < 3.20.3 - Contributor+ DOM Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Path Widget due to insufficient output escaping on user supplied attributes, allowingnauthenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execut...

6.4CVSS6.1AI score0.00462EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.11 views

Solid Central < 3.0.1 - Stored Cross-Site Scripting via packages

Description The plugin is vulnerable to Stored Cross-Site Scripting via via malicious package names in all versions up to and including 3.0.0 due to insufficient output escaping. This makes it possible for attackers able to compromise the packages retrieved from the iThemes API to inject arbitrar...

5.9AI score
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/31 6:15 a.m.14 views

Cross site scripting

The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.9CVSS5.1AI score0.00476EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2023/06/03 12:0 a.m.10 views

WordPress plugin Online Booking & Scheduling Calendar for WordPress by vcita 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

7.2CVSS7.4AI score0.00607EPSS
Exploits1References4
OSV
OSV
added 2020/08/01 9:25 a.m.4 views

MGASA-2020-0313 Updated php-phpmailer packages fix security vulnerability

Fix insufficient output escaping bug in file attachment names CVE-2020-13625...

7.5CVSS7.4AI score0.0378EPSS
Exploits1References4
Rows per page
Query Builder