Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-10797

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00295EPSS
Exploits0References7
OSV
OSV
added 2025/04/11 12:15 p.m.7 views

CVE-2025-2575

The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

5.4CVSS5.9AI score0.00295EPSS
Exploits0References7
NVD
NVD
added 2025/04/11 12:15 p.m.16 views

CVE-2025-2575

The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS0.00295EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/04/11 11:11 a.m.16 views

CVE-2025-2575 Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References7
CVE
CVE
added 2025/04/11 11:11 a.m.70 views

CVE-2025-2575

The CVE-2025-2575 entry corresponds to the WordPress Z Companion plugin (versions up to 1.1.1) with a Stored Cross-Site Scripting vulnerability via SVG file uploads. The issue arises from insufficient input sanitization and output escaping, enabling authenticated attackers with Author-level acces...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2025/04/11 11:11 a.m.20 views

CVE-2025-2575 Z Companion <= 1.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS0.00295EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.6 views

PT-2025-16103 · Unknown +1 · Royal Shop +1

Name of the Vulnerable Software and Affected Versions: Z Companion plugin for WordPress versions up to and including 1.1.1 Description: The issue allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts in pages that will execute when a user accesses an...

6.4CVSS7AI score0.00295EPSS
Exploits0References14
Rows per page
Query Builder