Lucene search
K

6 matches found

EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43156

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...

5.3CVSS6.2AI score0.00361EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/10/09 12:14 a.m.12 views

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

5.4CVSS5.4AI score0.002EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.9 views

PT-2025-41256

Name of the Vulnerable Software and Affected Versions Novel-Plus version 5.2.0 Description An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment via the /book/addCommentReply endpoint. The malicious payload is stored in the databa...

5.4CVSS5.4AI score0.002EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.3 views

Novel-Plus 安全漏洞

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version 5.2.0, which stems from unvalidated input of the replyContent parameter and could lead to a stored cross-site scripting attack...

5.4CVSS5.9AI score0.002EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/08 12:0 a.m.5 views

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

5.1AI score0.002EPSS
Exploits1References2
CVE
CVE
added 2025/10/08 12:0 a.m.20 views

CVE-2025-60299

CVE-2025-60299 affects Novel-Plus version 5.2.0 with a stored XSS in the /book/addCommentReply endpoint. An authenticated user can inject JavaScript via the replyContent parameter when replying to a book comment; the payload is stored in the database and executes in other users’ browsers viewing ...

5.4CVSS5.1AI score0.002EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder