Lucene search
K

454 matches found

NVD
NVD
added 2 days ago3 views

CVE-2026-57365

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57365 WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57365

The CVE-2026-57365 entry concerns the WordPress plugin “reCAPTCHA (v2 & v3) for Asgaros Forum” (versions ≤ 1.1.0). According to the provided documents, the vulnerability is a DOM-based Cross-Site Scripting (XSS) issue caused by improper neutralization of input during web page generation. The affe...

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 2:50 p.m.5 views

WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by HieuPenguinnn in WordPress Plugin reCAPTCHA v2 & v3 for Asgaros Forum versions = 1.1.0...

6.5CVSS5.9AI score0.00161EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 9:16 p.m.9 views

CVE-2026-50136

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...

7.4CVSS0.0029EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/22 11:15 p.m.19 views

Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials

The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builde...

7.4CVSS6AI score0.0029EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-51453

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.3 Description The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by recaptcha...

7.4CVSS6AI score0.0029EPSS
Exploits1References8
Patchstack
Patchstack
added 2026/06/09 9:39 a.m.12 views

WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Authenticated (Subscriber+) Authentication Bypass vulnerability

Authenticated Subscriber+ Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Advanced Google reCAPTCHA versions = 5.38...

8.8CVSS5.5AI score0.00393EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/09 9:11 a.m.11 views

WordPress Advanced Google reCAPTCHA plugin <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin Advanced Google reCAPTCHA versions = 5.38...

8.8CVSS5.5AI score0.00449EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

3.5CVSS5.7AI score0.002EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/28 9:23 a.m.12 views

WordPress Login No Captcha reCAPTCHA plugin <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ISMAILSHADOW in WordPress Plugin Login No Captcha reCAPTCHA versions = 1.8.0...

7.2CVSS5.8AI score0.00346EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/28 3:27 a.m.24 views

CVE-2026-2374

The CVE-2026-2374 entry applies to the Login No Captcha reCAPTCHA WordPress plugin (v &lt;= 1.8.0). The vulnerability is a Stored Cross-Site Scripting (XSS) that occurs because authenticate() stores the unsanitized basename($_SERVER['PHP_SELF']) output in the login_nocaptcha_error WordPress optio...

7.2CVSS6AI score0.00346EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.14 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS6AI score0.00346EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin Login No Captcha reCAPTCHA 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.7AI score0.00346EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/04/24 12:9 a.m.7 views

WordPress WP reCaptcha by WebDesignBy plugin < 2.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Mustafa Ahmed in WordPress Plugin reCaptcha by WebDesignBy versions 2.0...

3.5CVSS5.8AI score0.002EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/23 7:16 a.m.11 views

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

3.5CVSS0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 6:0 a.m.5 views

CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

5.9AI score0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:0 a.m.4 views

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

5.9AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 6:0 a.m.30 views

CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

0.002EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 6:0 a.m.18 views

CVE-2026-4512

The CVE-2026-4512 entry concerns the WordPress plugin “reCaptcha by WebDesignBy” (before version 2.0). The root cause is the plugin’s Site Key setting not being sanitized/escaped before being output in a JavaScript string context via grecaptcha_js(), enabling stored XSS on multisite installations...

3.5CVSS5.9AI score0.002EPSS
Exploits0References1
Rows per page
Query Builder