Lucene search
+L

127 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-54727

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00566EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-34454

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.00552EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-26823

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-26849

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0037EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-50057

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2025/09/10 7:15 a.m.4 views

CVE-2025-6189

The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

6.5CVSS0.00278EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.3 views

WordPress plugin WP Links Page SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP Links...

8.5CVSS7.5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/31 10:6 a.m.4 views

CVE-2025-6681

The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.5AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/29 9:23 a.m.2 views

CVE-2025-6681 Fan Page <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter

The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.5AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/29 12:0 a.m.3 views

WordPress plugin Fan Page 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.6AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.9 views

PT-2025-31183 · WordPress · Fan Page

Name of the Vulnerable Software and Affected Versions: Fan Page plugin for WordPress versions up to and including 1.0.1 Description: The plugin is susceptible to Stored Cross-Site Scripting through the width parameter due to inadequate input sanitization and output escaping. This allows...

6.4CVSS6.2AI score0.00182EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 5:28 a.m.6 views

CVE-2023-25063

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin = 5.2.3 versions...

5.9CVSS5.2AI score0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.7 views

CVE-2023-22720

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Robert Macchi WP Links Page plugin = 4.9.3 versions...

6.5CVSS5.6AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.11 views

CVE-2023-5199

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute cod...

9.9CVSS8.3AI score0.01383EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.8 views

CVE-2022-4675

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:22 p.m.7 views

CVE-2022-2093

The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6AI score0.00552EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.6 views

CVE-2021-25075

The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack...

3.5CVSS5.9AI score0.01582EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 a.m.11 views

CVE-2015-1580

Multiple cross-site request forgery CSRF vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings or conduct cross-site scripting XSS attacks via the 2 source or 3 redir...

6.8CVSS6.9AI score0.01001EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:40 a.m.7 views

CVE-2015-10119

A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function actionadminnoticesactivation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...

6.1CVSS6.2AI score0.00594EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 4:35 p.m.6 views

CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through 2.1...

6.5CVSS6.6AI score0.00174EPSS
Exploits0References1
Rows per page
Query Builder