Lucene search
K

3485 matches found

Vulnrichment
Vulnrichment
added 2025/06/06 12:53 p.m.4 views

CVE-2025-49293 WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2...

4.3CVSS7.1AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.3 views

WordPress plugin Crawlomatic Multisite Scraper Post Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

5.3CVSS5.4AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.3 views

WordPress plugin Crawlomatic Multisite Scraper Post Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

4.3CVSS4.9AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/05 6:12 a.m.22 views

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.0021EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/06/05 12:14 a.m.6 views

WordPress Crawlomatic Multisite Scraper Post Generator plugin <= 2.6.8.2 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Plugin Crawlomatic Multisite Scraper Post Generator versions = 2.6.8.2...

4.3CVSS6.7AI score0.00241EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/03 6:15 a.m.4 views

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.0021EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/06/03 6:0 a.m.10 views

CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.0021EPSS
Exploits1References1
CVE
CVE
added 2025/06/03 6:0 a.m.56 views

CVE-2025-3584

The CVE-2025-3584 entry concerns the WordPress Newsletter plugin, affected in versions prior to 8.8.2. The vulnerability arises from insufficient sanitization/escaping of Subscription settings, allowing Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html ...

4.8CVSS5.7AI score0.0021EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/06/02 6:0 a.m.17 views

CVE-2025-1485 Real Cookie Banner < 5.1.6 - Admin+ Stored XSS

The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...

0.0021EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:30 a.m.8 views

CVE-2024-6722

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

4.8CVSS5.7AI score0.00294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:28 a.m.8 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00351EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:18 a.m.18 views

CVE-2024-2402

The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.6AI score0.00403EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.5 views

CVE-2024-1589

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.7AI score0.00405EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:6 a.m.12 views

CVE-2024-2278

Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.7AI score0.0042EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.6 views

CVE-2024-29910

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2...

6.5CVSS8.6AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.19 views

CVE-2024-0559

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

6.5CVSS5.7AI score0.00497EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.7 views

CVE-2024-0951

The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS5.6AI score0.00379EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.9 views

CVE-2024-0561

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.4CVSS5.7AI score0.00442EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:48 a.m.9 views

CVE-2024-6481

The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00294EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.21 views

CVE-2024-4384

The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.6AI score0.00354EPSS
Exploits2
Rows per page
Query Builder