Lucene search
K

101 matches found

NVD
NVD
added 2026/06/25 10:16 p.m.7 views

CVE-2020-37256

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.4CVSS0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.22 views

CVE-2020-37256 Grav - Cross-Site Scripting in Admin Plugin Page Editor

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.4CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 9:41 p.m.12 views

CVE-2020-37256

Grav before 1.6.30 has a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access. Affected product is G...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.26 views

PT-2026-52606

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.6.30 Description A cross-site scripting issue exists in the default security configuration of the Admin plugin page editor. Privileged users with page editing capabilities can inject malicious scripts to execute...

5.4CVSS6AI score0.00167EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/21 9:43 p.m.12 views

CVE-2026-7890 Concrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer Block

In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.1 with a...

2.1CVSS5.8AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.18 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.7 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.37 views

CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.3 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.5 views

CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 7:26 a.m.10 views

CVE-2026-1088

CVE-2026-1088 affects the WordPress plugin Login Page Editor (≤1.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the devotion_loginform_process() AJAX action, enabling unauthenticated attackers to update login-page settings if a site administrator is tricke...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/24 5:35 a.m.9 views

WordPress Login Page Editor plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Login Page Editor versions = 1.2...

4.3CVSS5.5AI score0.00154EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.7 views

WordPress Plugin Login Page Editor Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.10 views

PT-2026-4583

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion loginform process AJAX action. This makes it possible for unauthenticated attackers to update the plugin's logi...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.9 views

CVE-2023-4536

The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE...

8.8CVSS6.8AI score0.00816EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/03 9:4 p.m.16 views

CVE-2026-21451

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize...

8.4CVSS5.7AI score0.00489EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 8:37 p.m.6 views

CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...

6.3CVSS5.8AI score0.00489EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/02 8:37 p.m.42 views

CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS

Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...

6.3CVSS0.00489EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.15 views

Bagisto 跨站脚本漏洞

Bagisto is an open source e-commerce framework open sourced by Webkul Software in India. A cross-site scripting vulnerability exists in Bagisto versions prior to 2.3.10, which stems from the presence of stored cross-site scripting in the CMS page editor, which could lead to account takeover...

8.4CVSS5.7AI score0.00489EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.8 views

PT-2026-1131

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10 Description Bagisto, an open source laravel eCommerce platform, contains a stored Cross-Site Scripting XSS issue within the CMS page editor. The platform’s attempt to sanitize tags can be bypassed by manipulati...

8.4CVSS6AI score0.00489EPSS
Exploits1References5
Rows per page
Query Builder