Lucene search
K

933 matches found

Patchstack
Patchstack
added 2025/12/15 5:48 p.m.10 views

WordPress JetWidgets For Elementor plugin <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets vulnerability discovered by zer0gh0st in WordPress Plugin JetWidgets For Elementor versions = 1.0.20...

6.4CVSS5.5AI score0.00195EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/14 8:45 a.m.9 views

CVE-2025-8195

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5AI score0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203247

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS4.7AI score0.00195EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/13 8:21 a.m.30 views

CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00195EPSS
Exploits0References5
CVE
CVE
added 2025/12/13 8:21 a.m.26 views

CVE-2025-8195

CVE-2025-8195 affects the WordPress plugin JetWidgets For Elementor. It is a stored cross-site scripting (XSS) vulnerability in the Image Comparison and Subscribe widgets, exploitable in all versions up to 1.0.20. The root cause is insufficient input sanitization and output escaping on user-suppl...

6.4CVSS4.7AI score0.00195EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/13 8:21 a.m.4 views

CVE-2025-8195 JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS4.7AI score0.00195EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.5 views

WordPress plugin JetWidgets For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

6.4CVSS6AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51105

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Comparison and Subscribe widgets in all versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5AI score0.00195EPSS
Exploits0References5
EUVD
EUVD
added 2025/12/02 9:28 a.m.6 views

EUVD-2025-200218

Mattermost versions 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does...

3.1CVSS6.2AI score0.00193EPSS
Exploits0References2
CNVD
CNVD
added 2025/11/27 12:0 a.m.4 views

WordPress Plugin YouTube Subscribe Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...

4.4CVSS5.9AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/26 7:59 a.m.14 views

CVE-2025-12025

The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.4CVSS5AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 8:15 a.m.6 views

CVE-2025-12025

The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.4CVSS0.00201EPSS
Exploits0References4
CVE
CVE
added 2025/11/25 7:28 a.m.28 views

CVE-2025-12025

CVE-2025-12025 affects the WordPress YouTube Subscribe plugin (versions

4.4CVSS4.7AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.7 views

CVE-2025-12025 YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID

The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.4CVSS4.7AI score0.00201EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.27 views

CVE-2025-12025 YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID

The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.4CVSS0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/25 7:28 a.m.6 views

EUVD-2025-199573

The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...

4.4CVSS4.6AI score0.00201EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/25 12:7 a.m.7 views

WordPress YouTube Subscribe plugin <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via Title and Channel ID vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin YouTube Subscribe versions = 3.0.0...

4.4CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.4 views

WordPress plugin YouTube Subscribe 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...

4.4CVSS5.8AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/24 2:58 p.m.3 views

EUVD-2025-198817

Malicious code in scgs-capacitor-subscribe npm...

6.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 2:58 p.m.7 views

Malicious code in scgs-capacitor-subscribe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3fb81fa33f5db11bebf15b6af6f18a63ca129349c0d7bcaf729dc27f69d63f2 The package scgs-capacitor-subscribe was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
Rows per page
Query Builder