Lucene search
+L

523 matches found

Vulnrichment
Vulnrichment
added 2025/11/14 6:0 a.m.2 views

CVE-2025-10686 Creta Testimonial Showcase < 1.2.4 - Editor+ Local File Inclusion

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

6.9AI score0.00475EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/14 6:0 a.m.4 views

EUVD-2025-186559

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

7.2CVSS6.8AI score0.00475EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/14 6:0 a.m.13 views

CVE-2025-10686 Creta Testimonial Showcase < 1.2.4 - Editor+ Local File Inclusion

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

0.00475EPSS
Exploits0References1
CVE
CVE
added 2025/11/14 6:0 a.m.25 views

CVE-2025-10686

The CVE-2025-10686 has concrete details across multiple sources: Creta Testimonial Showcase WordPress plugin prior to v1.2.4 is vulnerable to Local File Inclusion. Authenticated users with editor-level access or higher can include and execute arbitrary PHP files on the server, enabling code execu...

7.2CVSS6.9AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/14 12:0 a.m.6 views

WordPress Team Members Showcase plugin cross-site scripting vulnerability

WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...

4.8CVSS6AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.5 views

WordPress plugin Creta Testimonial Showcase 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

7.2CVSS6.5AI score0.00475EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/13 7:11 a.m.7 views

CVE-2025-11560

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

7.1CVSS6.5AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 6:30 a.m.7 views

EUVD-2025-119995

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

6.1CVSS6AI score0.00169EPSS
Exploits0References2
NVD
NVD
added 2025/11/12 6:15 a.m.7 views

CVE-2025-11560

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

7.1CVSS0.00169EPSS
Exploits0References1
CVE
CVE
added 2025/11/12 6:0 a.m.24 views

CVE-2025-11560

CVE-2025-11560 — Concrete details exist for the WordPress plugin. The affected software is the Team Members Showcase WordPress plugin (versions before 3.5.0; e.g., ≤3.4.0). The root cause is a lack of sanitization/escaping of a parameter before outputting it on the page, causing a reflected cross...

7.1CVSS6.1AI score0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/12 6:0 a.m.11 views

CVE-2025-11560 Team Members Showcase < 3.5.0 - Reflected XSS

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/12 6:0 a.m.3 views

CVE-2025-11560 Team Members Showcase < 3.5.0 - Reflected XSS

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins...

6.1AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.4 views

WordPress plugin Team Members Showcase 安全漏洞

WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...

7.1CVSS5.9AI score0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.12 views

PT-2025-46567

Name of the Vulnerable Software and Affected Versions Team Members Showcase WordPress plugin versions prior to 3.5.0 Description The software does not properly sanitize and escape a parameter before displaying it on a page, creating a reflected cross-site scripting condition. This could potential...

7.1CVSS5.7AI score0.00169EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/11/04 5:7 a.m.5 views

WordPress Centangle Team Showcase plugin <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Centangle Team Showcase versions = 1.0.0...

6.1CVSS5.7AI score0.00142EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/04 4:27 a.m.4 views

CVE-2025-12456 Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...

6.1CVSS5.2AI score0.00142EPSS
Exploits0References5
Snyk
Snyk
added 2025/10/29 1:39 a.m.4 views

Malicious Package

Overview infobip-calls-showcase is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.8 views

CVE-2025-32657

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a...

7.5CVSS7.1AI score0.00573EPSS
Exploits0References1
NVD
NVD
added 2025/10/22 3:15 p.m.9 views

CVE-2025-32657

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a...

7.5CVSS0.00573EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.12 views

CVE-2025-32657 WordPress Testimonial Slider and Showcase Pro plugin <= 2.1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a...

7.5CVSS0.00573EPSS
Exploits0References1
Rows per page
Query Builder