Lucene search
K

12 matches found

CNVD
CNVD
added 2026/01/19 12:0 a.m.4 views

WordPress Kunze Law plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...

4.4CVSS6AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 6:15 a.m.6 views

CVE-2025-15486

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/14 5:28 a.m.2 views

CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS4.8AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/14 5:28 a.m.28 views

CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/01/14 5:28 a.m.18 views

CVE-2025-15486

CVE-2025-15486 concerns the WordPress Kunze Law plugin (versions

4.4CVSS4.8AI score0.00237EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.5 views

PT-2026-2826

The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...

4.4CVSS5AI score0.00237EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.7 views

WordPress plugin Kunze Law 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...

4.4CVSS6AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2022/03/14 3:15 p.m.3 views

CVE-2022-0674

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00612EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.5 views

CVE-2022-0674

The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00612EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.2 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in Kun...

4.8CVSS4.9AI score0.00612EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/02/17 12:0 a.m.23 views

WordPress Kunze Law plugin <= 1.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Kunze Law plugin versions = 1.9. Solution Update the WordPress Kunze Law plugin to the latest available version at least 2.1...

4.8CVSS2AI score0.00612EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/17 12:0 a.m.25 views

Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the 'E-Mail Error "From" Address' settings of the plugi...

4.8CVSS2.2AI score0.00612EPSS
Exploits2Affected Software1
Rows per page
Query Builder