Lucene search
K

1415 matches found

Patchstack
Patchstack
added 2025/12/11 11:11 p.m.7 views

WordPress LS Google Map Router plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin LS Google Map Router versions = 1.1.0...

6.4CVSS5.5AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 11:9 p.m.7 views

WordPress FX Currency Converter plugin <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin FX Currency Converter versions = 0.2.0...

6.4CVSS5.6AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 11:9 p.m.7 views

WordPress Divelogs Widget plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Divelogs Widget versions = 1.5...

6.4CVSS5.6AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 11:4 p.m.3 views

WordPress GPXpress plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin GPXpress versions = 1.3...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 10:59 p.m.6 views

WordPress WPGancio plugin <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WPGancio versions = 1.12...

6.4CVSS5.6AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 10:46 p.m.7 views

WordPress WP Flot plugin <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin WP Flot versions = 0.2.2...

6.4CVSS5.6AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 10:45 p.m.6 views

WordPress Zenost Shortcodes plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Zenost Shortcodes versions = 1.0...

6.4CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 10:40 p.m.7 views

WordPress Easy Map Creator plugin <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Easy Map Creator versions = 3.0.2...

6.4CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:48 p.m.7 views

WordPress App Landing Template Blocks for WPBakery Page Builder plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin App Landing Template Blocks for WPBakery Visual Composer Page Builder versions = 2.0.2...

6.4CVSS5.4AI score0.00181EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:46 p.m.5 views

WordPress Data Visualizer plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Data Visualizer versions = 1.1...

6.4CVSS5.6AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:46 p.m.9 views

WordPress Hide Email Address plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Hide Email Address versions = 0.1...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 8:41 p.m.6 views

WordPress Simple Nivo Slider plugin <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple Nivo Slider versions = 0.5.6...

6.4CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201883

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks...

6.2AI score0.00376EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:17 p.m.4 views

CVE-2025-13070

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks...

6.6CVSS0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 6:0 a.m.19 views

CVE-2025-13070 CSV to SortTable <= 4.2 - Contributor+ LFI

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks...

0.00376EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 6:0 a.m.2 views

CVE-2025-13070 CSV to SortTable <= 4.2 - Contributor+ LFI

The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks...

6.3AI score0.00376EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-49802

Name of the Vulnerable Software and Affected Versions CSV to SortTable WordPress plugin versions through 4.2 Description The software does not properly check certain shortcode attributes before using them to create file paths that are then used with include functions. This allows users with...

6.6CVSS6.4AI score0.00376EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.11 views

CVE-2025-13899

The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/06 6:30 a.m.5 views

EUVD-2025-201526

The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS4.6AI score0.00191EPSS
Exploits0References4
NVD
NVD
added 2025/12/06 6:15 a.m.3 views

CVE-2025-13899

The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00191EPSS
Exploits0References3
Rows per page
Query Builder