Lucene search
K

4 matches found

NVD
NVD
added 2025/11/27 5:16 a.m.8 views

CVE-2025-12151

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolioname' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00157EPSS
Exploits0References2
CVE
CVE
added 2025/11/27 4:36 a.m.16 views

CVE-2025-12151

The CVE-2025-12151 entry concerns the WordPress Simple Folio plugin. Multiple sources confirm a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to and including 1.1.0, exploitable by authenticated attackers with Subscriber-level access and above via the portfolio_name parameter...

6.4CVSS4.7AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/27 4:36 a.m.3 views

CVE-2025-12151 Simple Folio <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolioname' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS4.7AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.4 views

PT-2025-48226

The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'portfolio name' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS5AI score0.00157EPSS
Exploits0References3
Rows per page
Query Builder