CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

WordPress Ricerca - advanced search plugin <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings vulnerability

WordPress Ricerca - advanced search plugin = 1.1.12 - Authenticated Administrator+ Stored Cross-Site Scripting via Plugin's Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Ricerca – advanced search versions = 1.1.12...

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-2837 Ricerca – advanced search <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-2837

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2026-2837

The CVE-2026-2837 entry describes a Stored Cross-Site Scripting vulnerability in the Ricerca – advanced search WordPress plugin up to version 1.1.12. The issue arises from insufficient input sanitization and output escaping in the plugin’s settings, allowing authenticated users with administrator...

PT-2026-26844

The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

WordPress plugin Ricerca 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Ricerca – advanced search Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ricerca – advanced search Type Plugin Vulnerable versions = 1.0.15 Fixed in 1.0.16 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 32196aace89d Credits WordFence Required...

CVE-2023-0421

The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link...

paginebianche.it XSS vulnerability

Vulnerable URL: http://www.paginebianche.it/ricerca?qs=x"-alert'XSSPOSED'-"x"'--!confirmOPENBUGBOUNTY//...

Sql injection

Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to a Imgbig.asp, b thumb.asp, and c thumbricerca.asp and the 2 ricerca parameter to d thumbricerca.asp...