
7 matches found

EUVD
added 2026/06/15 12:0 p.m., 4 views

EUVD-2016-10886

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via...

5.3 CVSS | 5.1 AI score | 0.00106 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/16 12:0 a.m., 9 views

PT-2026-41454

Name of the Vulnerable Software and Affected Versions: Cookie Law Bar version 1.2.1. Description: A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts by submitting unsanitized input to the 'Bar Message' field. These script payloads are injected through the...

6.4 CVSS | 5.7 AI score | 0.00197 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2025/05/22 6:34 p.m., 8 views

CVE-2021-24597

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page depending on the payload used...

5.4 CVSS | 6.1 AI score | 0.00604 EPSS
Exploits: 1 | References: 1
OSV
added 2025/05/08 7:15 a.m., 3 views

CVE-2025-4127

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4 CVSS | 5.9 AI score | 0.00223 EPSS
Exploits: 0 | References: 3
CVE
added 2025/05/08 6:39 a.m., 65 views

CVE-2025-4127

CVE-2025-4127 affects the WP SEO Structured Data Schema WordPress plugin. Versions up to 2.7.11 are vulnerable to a Stored Cross-Site Scripting (XSS) via the Price Range parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributo...

6.4 CVSS | 5.7 AI score | 0.00223 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
WPVulnDB
added 2021/08/10 12:0 a.m., 12 views

Picture Gallery < 1.4.4 - Authenticated Stored XSS

The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross site scripting risk where authenticated users can target other authenticated users. PoC Enter a XSS payload like " in the "Content URL" field found on the plugin's Settings -...

1.6 AI score
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/04/05 6:27 p.m., 15 views

CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...

5.5 AI score | 0.00679 EPSS
Exploits: 2 | References: 2