Lucene search
K

284 matches found

EUVD
EUVD
added 2026/03/07 3:30 a.m.7 views

EUVD-2026-10104

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00187EPSS
Exploits0References5
NVD
NVD
added 2026/03/07 2:16 a.m.5 views

CVE-2026-2722

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS0.00187EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/07 1:21 a.m.36 views

CVE-2026-2722 Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS0.00187EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/07 1:21 a.m.5 views

CVE-2026-2722

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00187EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/07 1:21 a.m.2 views

CVE-2026-2722 Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00187EPSS
Exploits0References4
CVE
CVE
added 2026/03/07 1:21 a.m.17 views

CVE-2026-2722

The CVE-2026-2722 entry refers to the WordPress Stock Ticker plugin (versions up to and including 3.26.1) being vulnerable to Stored Cross-Site Scripting via admin settings/Templates, exploitable by authenticated administrators (and higher) on multi-site setups where unfiltered_html is disabled. ...

4.8CVSS5.9AI score0.00187EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/07 1:9 a.m.5 views

WordPress Stock Ticker plugin <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Template vulnerability discovered by WordFence in WordPress Plugin Stock Ticker versions = 3.26.1...

4.8CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.8 views

WordPress plugin Stock Ticker 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.8CVSS5.8AI score0.00187EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.11 views

PT-2026-23819

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.26.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

4.8CVSS5.9AI score0.00187EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.16 views

Ditty < 3.1.58 - Server-Side Request Forgery

The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check, however any authenticated users, such as subscriber can retrieve it. id:...

8.6CVSS6.9AI score0.16399EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.7 views

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00402EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.4 views

CVE-2023-40208

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Aleksandar Urošević Stock Ticker plugin = 3.23.3 versions...

7.1CVSS5.8AI score0.0068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/12 10:17 p.m.5 views

CVE-2024-58292

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

5.3CVSS5.7AI score0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/11 9:35 p.m.20 views

CVE-2024-58292 XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

5.3CVSS0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50746

Name of the Vulnerable Software and Affected Versions XMB Forum version 1.9.12.06 Description The software contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in...

5.3CVSS5.8AI score0.00374EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.8 views

CVE-2025-13656

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/06 6:30 a.m.5 views

EUVD-2025-201525

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2025/12/06 6:15 a.m.4 views

CVE-2025-13656

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS0.00201EPSS
Exploits0References4
CVE
CVE
added 2025/12/06 5:49 a.m.21 views

CVE-2025-13656

CVE-2025-13656 (Cute News Ticker, WordPress) is a stored cross-site scripting vulnerability in the Cute News Ticker plugin (WordPress) affecting versions up to 1.0. It stems from insufficient input sanitization and output escaping of the color shortcode attribute, allowing an authenticated attack...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.2 views

CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References4
Rows per page
Query Builder