Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

37 matches found

RedhatCVE
RedhatCVEadded 2026/02/12 7:33 a.m.4 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.7AI score0.00014EPSS
Exploits0References1
NVD
NVDadded 2026/02/11 5:16 a.m.2 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00014EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/11 4:36 a.m.24 views

CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00014EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/11 4:36 a.m.3 views

CVE-2026-1893

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnlabel' parameter in the 'orbisiusrandomnamegenerator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.7AI score0.00014EPSS
Exploits0References4
CVE
CVEadded 2026/02/11 4:36 a.m.14 views

CVE-2026-1893

The CVE affects Orbisius Random Name Generator for WordPress. Description: Stored Cross-Site Scripting via the btn_label shortcode attribute in orbisius_random_name_generator, affect versions up to 1.0.2. Root cause: insufficient input sanitization and output escaping. Impact: authenticated attac...

6.4CVSS5.7AI score0.00014EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/11 12:0 a.m.4 views

PT-2026-7484

The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn label' parameter in the 'orbisius random name generator' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes i...

6.4CVSS5.7AI score0.00014EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/02/11 12:0 a.m.7 views

WordPress plugin Orbisius Random Name Generator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00014EPSS
Exploits0References3
Patchstack
Patchstackadded 2026/02/10 10:58 p.m.6 views

WordPress Orbisius Random Name Generator plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'btnlabel' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Orbisius Random Name Generator versions = 1.0.2...

6.4CVSS5.4AI score0.00014EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/02/03 5:47 a.m.2 views

WordPress Child Theme Creator by Orbisius plugin <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete vulnerability

Missing Authorization to Authenticated Subscriber+ Cloud Snippet Update/Delete vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Child Theme Creator versions = 1.5.5...

4.3CVSS5.4AI score0.00111EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2020-21047

Malware in sbrugna...

8.8CVSS8.6AI score0.003EPSS
Exploits2References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2015-9296

Malware in sbrugna...

6.5CVSS6.5AI score0.00271EPSS
Exploits1References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-3835

Malicious code in bioql PyPI...

5.9CVSS8.9AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 11:59 a.m.2 views

CVE-2025-24634

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Svetoslav Marinov Orbisius Simple Notice orbisius-simple-notice allows Stored XSS.This issue affects Orbisius Simple Notice: from n/a through = 1.1.3...

5.9CVSS7.2AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:33 a.m.6 views

CVE-2015-9456

The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisiusctcthemeeditorajax⊂cmd=savefile theme1, theme1file, or theme1filecontents parameter...

6.5CVSS7.1AI score0.00271EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/02/05 2:5 p.m.7 views

CVE-2020-28649

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisiusctcthemeeditormanagefile...

8.8CVSS7AI score0.003EPSS
Exploits2
NVD
NVDadded 2025/01/24 6:15 p.m.5 views

CVE-2025-24634

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Svetoslav Marinov Orbisius Simple Notice orbisius-simple-notice allows Stored XSS.This issue affects Orbisius Simple Notice: from n/a through = 1.1.3...

5.9CVSS0.00212EPSS
Exploits0References1
CVE
CVEadded 2025/01/24 5:24 p.m.42 views

CVE-2025-24634

CVE-2025-24634 affects the Orbisius Simple Notice WordPress plugin (versions ≤ 1.1.3). It is a Stored XSS due to improper input neutralization during web page generation. CVSS 3.1 base score 5.9 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). Connected sources indicate patching in version 1.1.3 (patched),...

5.9CVSS7.2AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/01/24 5:24 p.m.24 views

CVE-2025-24634 WordPress Orbisius Simple Notice plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Svetoslav Marinov Orbisius Simple Notice orbisius-simple-notice allows Stored XSS.This issue affects Orbisius Simple Notice: from n/a through = 1.1.3...

5.9CVSS0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/01/24 5:24 p.m.8 views

CVE-2025-24634 WordPress Orbisius Simple Notice plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Svetoslav Marinov Orbisius Simple Notice orbisius-simple-notice allows Stored XSS.This issue affects Orbisius Simple Notice: from n/a through = 1.1.3...

5.9CVSS7.2AI score0.00212EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/01/24 11:47 a.m.2 views

WordPress Orbisius Simple Notice plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Pham Van Tam in WordPress Plugin Orbisius Simple Notice versions = 1.1.3...

5.9CVSS6.1AI score0.00212EPSS
Exploits0Affected Software1
Rows per page
Query Builder