Lucene search
K

284 matches found

CNNVD
CNNVD
added 2025/09/30 12:0 a.m.3 views

WordPress plugin Any News Ticker 跨站脚本漏洞

WordPress Any News Ticker plugin is a functional plugin for adding dynamic scrolling news tickers to your website. WordPress Any News Ticker plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of any-ticker, which can...

6.4CVSS6AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.5 views

PT-2025-39932

Name of the Vulnerable Software and Affected Versions Any News Ticker plugin for WordPress versions up to and including 3.1.1 Description The Any News Ticker plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'any-ticker' shortcode. Insufficient input sanitization and...

6.4CVSS5.2AI score0.00281EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 11:35 a.m.11 views

CVE-2025-22812

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aezaz Shaikh News Ticker Widget for Elementor news-ticker-widget-for-elementor allows Stored XSS.This issue affects News Ticker Widget for Elementor: from n/a through = 1.3.2...

6.5CVSS7.2AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:20 a.m.4 views

CVE-2024-3647

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:4 a.m.5 views

CVE-2024-51830

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fazilatunnesa News Ticker newsticker allows Stored XSS.This issue affects News Ticker: from n/a through = 1.0...

6.5CVSS7.2AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:3 a.m.4 views

CVE-2024-3021

The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acces...

4.4CVSS5.8AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:0 a.m.12 views

CVE-2024-6363

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stockticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:32 a.m.12 views

CVE-2024-25094

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS.This issue affects PJ News Ticker: from n/a through 1.9.5...

6.5CVSS7.1AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:0 a.m.10 views

CVE-2023-51541

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a through 3.23.4...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.8 views

CVE-2023-5432

The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00426EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.5 views

CVE-2023-5430

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS5.9AI score0.00797EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.4 views

CVE-2023-27626

Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0...

5.3CVSS5.1AI score0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/26 2:50 p.m.11 views

CVE-2025-30533

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gopiplus Message ticker message-ticker allows Stored XSS.This issue affects Message ticker: from n/a through = 9.3...

5.9CVSS7.2AI score0.00347EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 2:15 p.m.16 views

CVE-2025-30533

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gopiplus Message ticker message-ticker allows Stored XSS.This issue affects Message ticker: from n/a through = 9.3...

5.9CVSS0.00347EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/24 1:46 p.m.7 views

CVE-2025-30533 WordPress Message ticker plugin <= 9.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gopiplus Message ticker message-ticker allows Stored XSS.This issue affects Message ticker: from n/a through = 9.3...

5.9CVSS8.6AI score0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 1:46 p.m.24 views

CVE-2025-30533 WordPress Message ticker plugin <= 9.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gopiplus Message ticker message-ticker allows Stored XSS.This issue affects Message ticker: from n/a through = 9.3...

5.9CVSS0.00347EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 1:46 p.m.63 views

CVE-2025-30533

CVE-2025-30533 is an authenticated stored XSS vulnerability in the WordPress plugin Message ticker (version ≤ 9.3). The vulnerability allows an attacker with Administrator+ privileges to inject malicious script through input during web page generation, leading to stored Cross-Site Scripting. The ...

5.9CVSS7.2AI score0.00347EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/24 1:31 p.m.11 views

WordPress Message ticker plugin <= 9.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Message ticker versions = 9.3...

5.9CVSS6.2AI score0.00347EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.3 views

WordPress plugin Message ticker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

5.9CVSS7.8AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2025/02/26 1:15 p.m.4 views

CVE-2024-13630

The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.0059EPSS
Exploits1References1
Rows per page
Query Builder