Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/18 6:50 a.m.21 views

CVE-2026-12136 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

6.4CVSS0.00193EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/04/01 2:31 a.m.11 views

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.10 - Authenticated Contributor+ Stored Cross-Site Scripting via 'maxwidth' Shortcode Attribute vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Shortcodes Ultimate versions = 7.4.10...

6.4CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/31 10:26 p.m.13 views

CVE-2026-2480

CVE-2026-2480 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.4.10. The vulnerability is a Stored Cross-Site Scripting (XSS) in the su_box shortcode via the max_width attribute, caused by insufficient input sanitization and output escaping on user-supplied attribu...

6.4CVSS6AI score0.00197EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2023/04/10 12:0 a.m.362 views

Roxy Fileman 1.4.5 Shell Upload

Exploit Title: Roxy Fileman 1.4.5 For .NET Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on:...

6.8AI score
Exploits0
Rows per page
Query Builder