Lucene search
K

198 matches found

CNNVD
CNNVD
added 2025/09/12 12:0 a.m.4 views

WordPress plugin Contact Form 7 reCAPTCHA 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Contact...

5.8CVSS5.6AI score0.00188EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.5 views

PT-2025-37295

Name of the Vulnerable Software and Affected Versions: Contact Form 7 reCAPTCHA WordPress plugin versions through 1.2.0 Description: The plugin does not escape the $ SERVER'REQUEST URI' parameter before outputting it, potentially leading to Reflected Cross-Site Scripting in older web browsers...

5.8CVSS5.4AI score0.00188EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-28097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Lengt...

7.5CVSS7.3AI score0.00969EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/07 12:45 a.m.8 views

CVE-2025-58362

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/08/21 11:22 p.m.3 views

SUSE CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...

6.5CVSS7.4AI score0.013EPSS
Exploits2References2
OSV
OSV
added 2025/08/16 6:15 a.m.4 views

CVE-2025-8113

The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS5.8AI score0.00207EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/16 6:0 a.m.9 views

CVE-2025-8113 Ebook Store < 5.8015 - Reflected XSS via $_SERVER['REQUEST_URI']

The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.00207EPSS
Exploits1References1
CVE
CVE
added 2025/08/16 6:0 a.m.32 views

CVE-2025-8113

CVE-2025-8113 affects the Ebook Store WordPress plugin (versions before 5.8015). The issue is a Reflected Cross-Site Scripting vulnerability where the plugin does not escape the $_SERVER['REQUEST_URI'] when outputting it into an HTML attribute, enabling a crafted URL to inject scripts in vulnerab...

6.1CVSS5.9AI score0.00207EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/16 6:0 a.m.4 views

CVE-2025-8113 Ebook Store < 5.8015 - Reflected XSS via $_SERVER['REQUEST_URI']

The Ebook Store WordPress plugin before 5.8015 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.4AI score0.00207EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/16 12:0 a.m.6 views

PT-2025-33537

Name of the Vulnerable Software and Affected Versions: The Ebook Store WordPress plugin versions prior to 5.8015 Description: The Ebook Store WordPress plugin does not escape the $ SERVER'REQUEST URI' parameter before outputting it, potentially leading to Reflected Cross-Site Scripting in older w...

6.1CVSS5.9AI score0.00207EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.4 views

WordPress plugin Ebook Store 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS6.1AI score0.00207EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/14 6:0 a.m.10 views

CVE-2025-8046 Injection Guard < 1.2.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The Injection Guard WordPress plugin before 1.2.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

0.00207EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.8 views

PT-2025-33128 · WordPress · Injection Guard

Name of the Vulnerable Software and Affected Versions: Injection Guard WordPress plugin versions prior to 1.2.8 Description: The Injection Guard WordPress plugin does not properly escape the $ SERVER'REQUEST URI' parameter before displaying it within an attribute. This could lead to Reflected...

6.1CVSS5.8AI score0.00207EPSS
Exploits1References6
NVD
NVD
added 2025/08/13 6:15 p.m.3 views

CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...

6.5CVSS0.013EPSS
Exploits2References3
OSV
OSV
added 2025/08/13 12:0 a.m.4 views

CVE-2025-50946

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go...

6.5CVSS7.4AI score0.013EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.8 views

CVE-2024-8056

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.2AI score0.00307EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.6 views

CVE-2023-28097

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large Content-Length value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memo...

7.5CVSS6.7AI score0.00969EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:16 a.m.5 views

CVE-2023-22972

A Reflected Cross-site scripting XSS vulnerability in interface/forms/eyemag/php/eyemagfunctions.php in OpenEMR 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUESTURI...

5.4CVSS5.8AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:46 p.m.7 views

CVE-2022-45909

drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request...

9.1CVSS7.1AI score0.00972EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.7 views

CVE-2021-43557

The uri-block plugin in Apache APISIX before 2.10.2 uses $requesturi without verification. The $requesturi is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains...

7.5CVSS6.7AI score0.14589EPSS
Exploits1
Rows per page
Query Builder