Lucene search
K

175 matches found

Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.8 views

PT-2026-2357

Name of the Vulnerable Software and Affected Versions WPForms version 1.7.8 Description The software contains a cross-site scripting issue in the slider import search feature and tab parameter. An attacker can inject malicious scripts through the /ListTable.php endpoint to execute arbitrary...

6.1CVSS6AI score0.00307EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

Wordpress plugin WPForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site...

6.1CVSS5.8AI score0.00307EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.6 views

CVE-2019-11426

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...

6.1CVSS6.1AI score0.00826EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-1418

Malware in sbrugna...

4.3CVSS6.4AI score0.01776EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54884

Malicious code in bioql PyPI...

6.6CVSS6.6AI score0.00638EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-31510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting XSS allows remote attackers to inject arbitrary web script or HTML into the login page via th...

7.2CVSS5.9AI score0.00378EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/18 4:31 a.m.6 views

CVE-2024-8393

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

6.6CVSS8AI score0.00638EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.9 views

CVE-2024-8393 Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

6.6CVSS0.00638EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/16 3:38 a.m.5 views

CVE-2024-8393 Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...

6.6CVSS7.9AI score0.00638EPSS
Exploits0References2
CVE
CVE
added 2025/08/16 3:38 a.m.16 views

CVE-2024-8393

CVE-2024-8393 / CVE-2024-8393 (Woocommerce Blocks – Woolook) affects the WordPress plugin “Woocommerce Blocks – Woolook” up to version 1.7.0. The underlying issue is a Local File Inclusion via the tab parameter, exploitable by authenticated users with Administrator-level access and above, potenti...

6.6CVSS7.9AI score0.00638EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:12 a.m.7 views

CVE-2024-0979

The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.3 views

CVE-2024-10685

The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.5AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.6 views

CVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS5.4AI score0.01213EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.6 views

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS5.7AI score0.0126EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.4 views

CVE-2022-0621

The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.00788EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.5 views

CVE-2021-24234

The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to...

6.1CVSS6.2AI score0.01173EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.7 views

CVE-2021-24275

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.18165EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:32 p.m.5 views

CVE-2021-24286

The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.13942EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.5 views

CVE-2021-24287

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.10358EPSS
Exploits5References1
OSV
OSV
added 2025/01/30 2:15 p.m.4 views

CVE-2024-12320

The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

6.1CVSS5.9AI score0.00317EPSS
Exploits0References3
Rows per page
Query Builder