Lucene search
K

18 matches found

CNVD
CNVD
added 2026/01/19 12:0 a.m.5 views

WordPress Kunze Law plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...

4.4CVSS6AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 6:15 a.m.8 views

CVE-2025-15486

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 5:28 a.m.30 views

CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/01/14 5:28 a.m.19 views

CVE-2025-15486

CVE-2025-15486 concerns the WordPress Kunze Law plugin (versions

4.4CVSS4.8AI score0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/14 5:28 a.m.3 views

CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS4.8AI score0.00237EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.9 views

WordPress plugin Kunze Law 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...

4.4CVSS6AI score0.00237EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.6 views

PT-2026-2826

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS5AI score0.00237EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/13 9:34 p.m.7 views

WordPress Kunze Law plugin <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Kunze Law versions = 2.1...

4.4CVSS5.8AI score0.00237EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.5 views

CVE-2022-0674

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00612EPSS
Exploits2References1
OSV
OSV
added 2022/03/14 3:15 p.m.3 views

CVE-2022-0674

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00612EPSS
Exploits2References1
NVD
NVD
added 2022/03/14 3:15 p.m.13 views

CVE-2022-0674

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00612EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.5 views

CVE-2022-0674

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00612EPSS
Exploits2References2
CVE
CVE
added 2022/03/14 2:41 p.m.96 views

CVE-2022-0674

CVE-2022-0674 affects the Kunze Law WordPress plugin prior to version 2.1, where the plugin does not escape the E-Mail Error "From" Address setting. This enables stored XSS by high-privilege users (e.g., admins) when unfiltered_html is disallowed. Evidence from multiple sources (PatchStack listin...

4.8CVSS4.8AI score0.00612EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/03/14 2:41 p.m.22 views

CVE-2022-0674 Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00612EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.2 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in Kun...

4.8CVSS4.9AI score0.00612EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/02/17 12:0 a.m.63 views

Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 'E-Mail Error "From" Address' settings of the plugin:...

4.8CVSS0.7AI score0.00612EPSS
Exploits2
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.23 views

WordPress Kunze Law plugin <= 1.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Kunze Law plugin versions = 1.9. Solution Update the WordPress Kunze Law plugin to the latest available version at least 2.1...

4.8CVSS2AI score0.00612EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.25 views

Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the 'E-Mail Error "From" Address' settings of the plugi...

4.8CVSS2.2AI score0.00612EPSS
Exploits2Affected Software1
Rows per page
Query Builder