Lucene search
K

7 matches found

CNNVD
CNNVD
added 2026/05/02 12:0 a.m.8 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47653

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00387EPSS
Exploits0References4
CVE
CVE
added 2025/01/29 3:22 p.m.223 views

CVE-2025-24374

Twig is a PHP template engine. The vulnerability CVE-2025-24374 concerns missing output escaping for the left side of the null coalescing operator (??). The issue is fixed in Twig 3.19.0. Severity in CVSSv3.1 is MEDIUM (4.3), but the document notes no exploitation details. Connected sources (NVD/...

4.3CVSS4.6AI score0.00282EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 8:24 a.m.53 views

CVE-2024-11204

The CVE refers to WordPress plugin ForumWP (Forum & Discussion Board) with a Reflected Cross-Site Scripting vulnerability via the url parameter in all versions up to and including 2.1.2. Public details confirm the issue stems from insufficient input sanitization and output escaping, enabling unau...

6.1CVSS6AI score0.0034EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.25 views

CVE-2024-3916 Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00365EPSS
Exploits0References2
CVE
CVE
added 2024/05/09 8:3 p.m.65 views

CVE-2024-4383

CVE-2024-4383 affects the WordPress plugin Simple Membership. The vulnerability is a Stored Cross-Site Scripting via the plugin’s swpm_paypal_subscription_cancel_link shortcode in all versions up to and including 4.4.5, caused by insufficient input sanitization and output escaping on user-supplie...

6.4CVSS5.7AI score0.00429EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/03/29 6:44 a.m.23 views

CVE-2024-2280 Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links

The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00404EPSS
Exploits0References3
Rows per page
Query Builder