CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability

WordPress Ricerca - advanced search plugin = 1.1.12 - Authenticated Administrator+ Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Ricerca – advanced search versions = 1.1.12...

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-2837 Ricerca – advanced search <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-2837

The CVE-2026-2837 entry describes a Stored Cross-Site Scripting vulnerability in the Ricerca – advanced search WordPress plugin up to version 1.1.12. The issue arises from insufficient input sanitization and output escaping in the plugin’s settings, allowing authenticated users with administrator...

WordPress plugin Ricerca 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-26844

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

WordPress Ricerca – advanced search Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ricerca – advanced search Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 32196aace89d Credits WordFence Required...

CVE-2023-0421

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

paginebianche.it XSS vulnerability

Vulnerable URL: http://www.paginebianche.it/ricerca?qs=x"-alert'XSSPOSED'-"x"'--!confirmOPENBUGBOUNTY//...

Sql injection

Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to a Imgbig.asp, b thumb.asp, and c thumbricerca.asp and the 2 ricerca parameter to d thumbricerca.asp...