149 matches found

CVE
added 2025/04/22 12:0 a.m. | 51 views

CVE-2023-44753

The CVE-2023-44753 entry concerns a stored XSS in Student Management System v1.0. Affected component: profile.php, where an attacker can inject a crafted payload via the email parameter, enabling script execution in the victim’s browser. Root cause is unvalidated input in the profile page’s email...

CVSS 6.1 | AI score 5.7 | EPSS 0.00251
Exploits 1 | References 2 | Affected Software 1

NVD
added 2025/04/08 9:15 a.m. | 33 views

CVE-2025-3432

The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

CVSS 6.4 | EPSS 0.00216
Exploits 0 | References 2

Cvelist
added 2025/03/22 6:41 a.m. | 15 views

CVE-2025-2477 CryoKey <= 2.4 - Reflected Cross-Site Scripting via 'ckemail' Parameter

The CryoKey plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ckemail’ parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVSS 4.7 | EPSS 0.0027
Exploits 0 | References 3

NVD
added 2025/03/12 4:15 a.m. | 12 views

CVE-2025-2077

The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 | EPSS 0.00287
Exploits 0 | References 2

NVD
added 2025/03/08 9:15 a.m. | 12 views

CVE-2025-1287

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient...

CVSS 6.4 | EPSS 0.00272
Exploits 0 | References 5

NVD
added 2025/03/03 1:15 a.m. | 5 views

CVE-2025-27585

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update...

CVSS 5.4 | EPSS 0.00197
Exploits 0 | References 1

NVD
added 2025/02/20 10:15 a.m. | 8 views

CVE-2025-1328

The Typed JS: A typewriter style animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘typespeed’ parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVSS 6.4 | EPSS 0.00305
Exploits 0 | References 3

RedhatCVE
added 2025/02/06 2:11 a.m. | 8 views

CVE-2022-25307

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when sit...

CVSS 7.2 | AI score 6 | EPSS 0.01357
Exploits 1 | References 1

RedhatCVE
added 2025/02/05 11:44 a.m. | 10 views

CVE-2024-7869

The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that wi...

CVSS 7.2 | AI score 6 | EPSS 0.00353
Exploits 0 | References 1

RedhatCVE
added 2025/02/04 10:30 p.m. | 8 views

CVE-2024-8981

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated...

CVSS 7.1 | AI score 6.4 | EPSS 0.00454
Exploits 0 | References 1

Vulnrichment
added 2025/01/30 12:22 p.m. | 3 views

CVE-2024-13466 Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVSS 6.4 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 4

Veracode
added 2025/01/24 4:12 a.m. | 7 views

Stored Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Stored cross-site scripting (XSS). The vulnerability is due to insufficient input sanitization of the display parameter in the /device/$DEVICEID/edit endpoint, allowing attackers to inject and store malicious scripts on the server...

CVSS 5.4 | AI score 5.9 | EPSS 0.00372
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2025/01/21 9:21 a.m. | 7 views

CVE-2024-12005 WP-BibTeX <= 3.0.1 - Cross-Site Request Forgery to Stored and Reflected Cross-Site Scripting

The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wpbibtexoptionpage function. This makes it possible for unauthenticated attackers to inject malicious web scripts...

CVSS 6.1 | AI score 6 | EPSS 0.00178
Exploits 0 | References 4

CVE
added 2025/01/18 7:5 a.m. | 38 views

CVE-2024-13391

CVE-2024-13391 relates to a Stored Cross‑Site Scripting vulnerability in the WordPress plugin MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet. The flaw exists in the shortcode videowhisper_content_upload_guest and arises from insufficient input sanitization and o...

CVSS 6.4 | AI score 5.8 | EPSS 0.00272
Exploits 0 | References 2

Veracode
added 2025/01/13 7:34 a.m. | 7 views

Stored Cross-site Scripting (XSS)

redaxo/source is vulnerable to Stored cross-site scripting (XSS). The vulnerability is due to improper input validation in the /media/test.html component, allowing attackers to inject malicious scripts into the password parameter...

CVSS 5.4 | AI score 6.1 | EPSS 0.00396
Exploits 1 | References 4 | Affected Software 1

NVD
added 2025/01/11 8:15 a.m. | 5 views

CVE-2024-11892

The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordionslider' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00326
Exploits 0 | References 6

CVE
added 2025/01/07 4:22 a.m. | 45 views

CVE-2024-12256

The CVE-2024-12256 entry concerns the Simple Video Management System WordPress plugin, vulnerable to Reflected Cross-Site Scripting via the analytics_video parameter in all versions up to 1.0.4. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers cou...

CVSS 6.1 | AI score 6 | EPSS 0.00341
Exploits 0 | References 2

CVE
added 2025/01/04 11:16 a.m. | 55 views

CVE-2024-12475

CVE-2024-12475 describes a Stored Cross-Site Scripting flaw in the WP Multistore Locator plugin for WordPress, affecting versions up to 2.4.1. The root cause is insufficient input sanitization and output escaping, enabling an authenticated attacker with Contributor+ privileges to inject scripts t...

CVSS 6.4 | AI score 5.7 | EPSS 0.00302
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2024/12/17 7:23 a.m. | 6 views

CVE-2024-12219 Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting

The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request...

CVSS 6.1 | AI score 7.1 | EPSS 0.00223
Exploits 0 | References 3

Cvelist
added 2024/12/14 4:23 a.m. | 18 views

CVE-2024-12448 Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwcviews' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | EPSS 0.00287
Exploits 0 | References 2