Lucene search
K

224 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-42649

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.10 views

CVE-2026-42649

CVE-2026-42649 concerns the WordPress plugin Favicon Rotator (versions

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.8 views

EUVD-2026-36817

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.7 views

CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49443

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/29 2:11 p.m.7 views

WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Favicon Rotator versions = 1.2.11...

5.8AI score0.00175EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:28 a.m.4 views

CVE-2026-6725

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/28 4:28 a.m.5 views

CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 4:28 a.m.37 views

CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.9 views

PT-2026-35659

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsm text rotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/14 11:37 a.m.4 views

WordPress Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget plugin <= 3.5.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget versions = 3.5.6...

5.8AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 7:53 a.m.4 views

CVE-2026-28112

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.9 views

EUVD-2026-9765

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

7.1CVSS5.9AI score0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.6 views

CVE-2026-28112

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

7.1CVSS0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 5:54 a.m.12 views

CVE-2026-28112

CVE-2026-28112 describes a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin AllInOne - Banner Rotator (also listed as all-in-one-bannerRotator). The issue affects versions

7.1CVSS5.9AI score0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:54 a.m.30 views

CVE-2026-28112 WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

7.1CVSS0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:54 a.m.4 views

CVE-2026-28112 WordPress AllInOne - Banner Rotator plugin <= 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

7.1CVSS5.9AI score0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:54 a.m.8 views

CVE-2026-28112

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

5.9AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

WordPress plugin AllInOne - Banner Rotator 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.7AI score0.00146EPSS
Exploits0References1
Rows per page
Query Builder