8338 matches found

RedhatCVE
added 2025/07/05 11:22 a.m. · 10 views

CVE-2025-2540

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4 CVSS · 5.7 AI score · 0.00274 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/05 9:24 a.m. · 5 views

CVE-2024-5647

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 5.6 AI score · 0.00292 EPSS
Exploits 0 · References 1

OSV
added 2025/07/04 2:42 p.m. · 3 views

OESA-2025-1705 gstreamer1-plugins-good security update

Security Fixes: CVE-2025-47219...

8.1 CVSS · 7 AI score · 0.00578 EPSS
Exploits 1 · References 2

NVD
added 2025/07/03 1:15 p.m. · 4 views

CVE-2025-2537

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS · 0.00225 EPSS
Exploits 0 · References 5

Wordfence Blog
added 2025/07/03 1:2 p.m. · 35 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 23, 2025 to June 29, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our 'High Threat' list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

9.8 CVSS · 9.6 AI score · 0.02055 EPSS
Exploits 8

CVE
added 2025/07/03 12:23 p.m. · 29 views

CVE-2025-2537

CVE-2025-2537 involves Stored DOM-Based Cross-Site Scripting via the ThickBox JavaScript library (v3.1) in multiple WordPress plugins. The description and connected sources confirm an authenticated attacker with contributor-level access can inject scripts into pages, which execute for users visit...

6.4 CVSS · 5.6 AI score · 0.00225 EPSS
Exploits 0 · References 5

Cvelist
added 2025/07/03 12:23 p.m. · 11 views

CVE-2025-2537 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS · 0.00225 EPSS
Exploits 0 · References 5

NVD
added 2025/07/03 12:15 p.m. · 8 views

CVE-2025-2540

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4 CVSS · 0.00274 EPSS
Exploits 0 · References 9

CVE
added 2025/07/03 11:19 a.m. · 25 views

CVE-2025-2540

CVE-2025-2540 covers a class of stored DOM-based Cross-Site Scripting flaws in WordPress plugins that bundle the prettyPhoto JavaScript library (v3.1.6). The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with co...

6.4 CVSS · 5.7 AI score · 0.00274 EPSS
Exploits 0 · References 9

Cvelist
added 2025/07/03 11:19 a.m. · 11 views

CVE-2025-2540 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4 CVSS · 0.00274 EPSS
Exploits 0 · References 9

Vulnrichment
added 2025/07/03 11:19 a.m. · 5 views

CVE-2025-2540 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library version 3.1.6 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.4 CVSS · 6 AI score · 0.00274 EPSS
Exploits 0 · References 9

ATTACKERKB
added 2025/07/03 10:15 a.m. · 1 view

CVE-2024-5647

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 6.1 AI score · 0.00292 EPSS
Exploits 0 · References 17

NVD
added 2025/07/03 10:15 a.m. · 8 views

CVE-2024-5647

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 0.00292 EPSS
Exploits 0 · References 16

Cvelist
added 2025/07/03 9:22 a.m. · 13 views

CVE-2024-5647 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 0.00292 EPSS
Exploits 0 · References 16

CVE
added 2025/07/03 9:22 a.m. · 41 views

CVE-2024-5647

The CVE-2024-5647 entry documents a Stored DOM‑Based Cross‑Site Scripting vulnerability arising from the Magnific Popup JavaScript library (version 1.1.0) bundled in multiple WordPress plugins (e.g., Robo Gallery, Gutentor, Shortcodes Ultimate, Happy Addons, Divi, etc.). The issue requires authen...

6.4 CVSS · 5.7 AI score · 0.00292 EPSS
Exploits 0 · References 16

Vulnrichment
added 2025/07/03 9:22 a.m. · 8 views

CVE-2024-5647 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4 CVSS · 6 AI score · 0.00292 EPSS
Exploits 0 · References 16

Positive Technologies
added 2025/07/03 12:0 a.m. · 4 views

PT-2025-27796 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library. Insufficient input sanitization and output escaping on user-supplied...

6.4 CVSS · 5.5 AI score · 0.00225 EPSS
Exploits 0 · References 9

CNNVD
added 2025/07/03 12:0 a.m. · 3 views

WordPress multiple products cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerabilit...

6.4 CVSS · 5.8 AI score · 0.00292 EPSS
Exploits 0 · References 16

Tenable Nessus
added 2025/07/03 12:0 a.m. · 8 views

AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2025:7242)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7242 advisory. gstreamer1-plugins-good: OOB-read in qtdemuxparsecontainer CVE-2024-47543 gstreamer1-plugins-good: GStreamer has an OOB-read in gstavisubtitleparsegab2chu...

9.1 CVSS · 6.9 AI score · 0.01139 EPSS
Exploits 0 · References 19

Tenable Nessus
added 2025/07/03 12:0 a.m. · 4 views

AlmaLinux 9 : gstreamer1-plugins-base (ALSA-2025:7243)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7243 advisory. gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference CVE-2024-47542 gstreamer1-plugins-base: GStreamer has an out-of-boun...

9.1 CVSS · 7.1 AI score · 0.01298 EPSS
Exploits 2 · References 6