Lucene search
K

90 matches found

Vulnrichment
Vulnrichment
added 2024/08/10 6:0 a.m.10 views

CVE-2024-6134 WP eStore < 8.5.6 - Reflected XSS in Product Editing

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.4AI score0.00378EPSS
Exploits1References1
NVD
NVD
added 2024/08/05 6:16 a.m.28 views

CVE-2024-6710

The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS0.00334EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/01 6:0 a.m.29 views

CVE-2024-6529 Ultimate Classified Listings < 1.4 - Reflected XSS

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00958EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/07/30 6:0 a.m.33 views

CVE-2024-6226 WpStickyBar <= 2.1.0 - Reflected XSS

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00359EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.21 views

CVE-2024-5074 WP eMember < 10.6.6 - Reflected XSS

The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00403EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.19 views

CVE-2024-3753 Hostel < 1.1.5.3 - Reflected XSS

The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00807EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/12 6:0 a.m.28 views

CVE-2024-5626 Inline Related Posts < 3.7.0 - Reflected XSS

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.0038EPSS
Exploits1References1
NVD
NVD
added 2024/06/28 6:15 a.m.18 views

CVE-2024-5727

The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS0.00555EPSS
Exploits2References1
OSV
OSV
added 2024/05/23 7:33 p.m.14 views

GHSA-M8V7-X398-PXRF Silverstripe XSS in CMS Edit Page

Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack...

6.1CVSS6.8AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/23 7:33 p.m.6 views

Silverstripe XSS in CMS Edit Page

Due to a lack of parameter sanitisation a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page. An attacker could create a URL and share it with a site administrator to perform an attack...

6.8AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.2 views

PT-2024-40365 · Cms · Cms

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, so: CMS affected versions not specified Description: The issue is due to a lack of parameter sanitisation, allowing a carefully crafted URL to inject arbitrary HTML into the CMS Edit page. An attack...

6.1CVSS6.6AI score
Exploits0References6
OSV
OSV
added 2024/05/17 6:15 a.m.4 views

CVE-2024-3231

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...

6.1CVSS5.8AI score0.00684EPSS
Exploits2References1
NVD
NVD
added 2024/04/01 5:15 a.m.16 views

CVE-2024-2263

Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.8CVSS5.8AI score0.00402EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/03/25 12:0 a.m.19 views

Advanced Access Manager < 6.9.21 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.2AI score0.00438EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.397 views

Contact Form 7 < 5.9.2 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. PoC...

6.1CVSS6.1AI score0.013EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/23 12:0 a.m.16 views

Advanced Schedule Posts <= 2.1.8 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins. PoC...

8.5AI score0.00265EPSS
Exploits2
NVD
NVD
added 2024/01/08 7:15 p.m.22 views

CVE-2023-6555

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00442EPSS
Exploits2References1
Prion
Prion
added 2023/11/20 7:15 p.m.18 views

Cross site scripting

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8CVSS6.3AI score0.00444EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/14 12:0 a.m.13 views

WP Event Manager < 3.1.43 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00437EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/06 8:40 p.m.29 views

CVE-2023-5354 Awesome Support < 6.1.5 - Reflected Cross-Site Scripting

The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.00398EPSS
Exploits2References1
Rows per page
Query Builder