Lucene search
K

63 matches found

CVE
CVE
added 2026/02/07 8:26 a.m.21 views

CVE-2026-1634

CVE-2026-1634 concerns the WordPress plugin Subitem AL Slider. Affected) versions are all up to and including 1.0.0, vulnerable to Reflected Cross-Site Scripting via the PHP_SELF parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers could inject scripts i...

6.1CVSS5.6AI score0.00264EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/07 8:26 a.m.6 views

CVE-2026-1634

The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00264EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.13 views

PT-2026-6894

Name of the Vulnerable Software and Affected Versions Subitem AL Slider versions prior to 1.0.1 Description The Subitem AL Slider plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the $ SERVER'PHP...

6.1CVSS5.7AI score0.00264EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.7 views

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/05 9:13 a.m.9 views

EUVD-2026-5549

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/05 9:13 a.m.6 views

CVE-2026-1654 Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 9:13 a.m.5 views

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.14 views

PT-2026-6053

Name of the Vulnerable Software and Affected Versions Peter's Date Countdown plugin for WordPress versions prior to 2.0.1 Description The Peter's Date Countdown plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escapin...

6.1CVSS5.8AI score0.00293EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.8 views

CVE-2025-13701

The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.6AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 11:15 a.m.5 views

CVE-2025-13701 Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS5.3AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.6 views

PT-2026-1707

Name of the Vulnerable Software and Affected Versions Shabat Keeper versions up to and including 0.4.4 Description The Shabat Keeper plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attacker...

6.1CVSS5.7AI score0.00255EPSS
Exploits0References8
EUVD
EUVD
added 2025/12/20 6:30 a.m.4 views

EUVD-2025-204626

The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS5.2AI score0.00215EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/20 3:20 a.m.4 views

CVE-2025-13624 Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS5.2AI score0.00215EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/20 3:20 a.m.22 views

CVE-2025-13624 Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Overstock Affiliate Links plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1CVSS0.00215EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/17 12:0 a.m.4 views

EUVD-2025-203916

Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...

6.1CVSS5.8AI score0.00184EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.7 views

PT-2025-50854

The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00204EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/06 6:58 a.m.13 views

CVE-2025-13515

The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2025/12/06 6:15 a.m.5 views

CVE-2025-13626

The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00219EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 a.m.6 views

CVE-2025-13512

The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00212EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.5 views

CVE-2025-13626 myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.3AI score0.00219EPSS
Exploits0References4
Rows per page
Query Builder