150 matches found

RedhatCVE
added 2026/01/09 9:16 a.m., 4 views

CVE-2025-14875

The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cusdata’ parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS 6.1, AI score 5.6, EPSS 0.00168
Exploits: 0, References: 1

Positive Technologies
added 2026/01/08 12:00 a.m., 8 views

PT-2026-2139

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.14.0 Description Directus is a real-time API and App dashboard for managing SQL database content. An open redirect exists in the Directus SAML authentication callback endpoint. The RelayState parameter, intended t...

CVSS 6.1, AI score 7.3, EPSS 0.00196
Exploits: 0, References: 8

Positive Technologies
added 2026/01/07 12:00 a.m., 5 views

PT-2026-1560

Name of the Vulnerable Software and Affected Versions WP Photo Album Plus plugin for WordPress versions up to and including 9.1.05.008 Description The WP Photo Album Plus plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the shortcode parameter. Insufficient input...

CVSS 7.1, AI score 5.8, EPSS 0.0023
Exploits: 0, References: 10

OSV
added 2026/01/06 7:22 p.m., 4 views

GHSA-3573-4C68-G8CC Directus has open redirect in SAML

Security Advisory: Open Redirect in Directus SAML Authentication Summary An open redirect vulnerability exists in the Directus SAML authentication callback endpoint. The RelayState parameter is used in redirects without proper validation against an allowlist of permitted domains. Vulnerability...

CVSS 4.3, AI score 7, EPSS 0.00196
Exploits: 0, References: 4

GithubExploit
added 2025/12/05 11:29 a.m., 691 views

Exploit for CVE-2025-55182

React2Shell: RCE 0-day in React Server Components CVE-2025-5...

CVSS 10, AI score 8.7, EPSS 0.99562
Exploits: 386

CVE
added 2025/12/05 6:07 a.m., 18 views

CVE-2025-13515

CVE-2025-13515 refers to the Nouri.sh Newsletter WordPress plugin vulnerability. The issue is a Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to and including 1.0.1.3, caused by insufficient input sanitization and output escaping. The Wordfence detail co...

CVSS 6.1, AI score 5.3, EPSS 0.00204
Exploits: 0, References: 3

Vulnrichment
added 2025/12/05 6:07 a.m., 3 views

CVE-2025-13515 Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1, AI score 5.3, EPSS 0.00204
Exploits: 0, References: 3

EUVD
added 2025/12/05 5:31 a.m., 6 views

EUVD-2025-201383

The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1, AI score 5.2, EPSS 0.00204
Exploits: 0, References: 4

CNNVD
added 2025/12/05 12:00 a.m., 2 views

WordPress plugin Time Sheets Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 4.3, AI score 6.5, EPSS 0.00102
Exploits: 0, References: 2

Vulnrichment
added 2025/12/04 5:24 a.m., 2 views

CVE-2025-13513 Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1, AI score 5.3, EPSS 0.00208
Exploits: 0, References: 3

Packet Storm
added 2025/11/24 12:00 a.m., 144 views

Flowise Custom MCP Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.1. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...

CVSS 9.8, AI score 8.6, EPSS 0.70866
Exploits: 3

RedhatCVE
added 2025/11/20 9:36 p.m., 3 views

CVE-2025-13206

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2, AI score 5.3, EPSS 0.00217
Exploits: 0, References: 1

Positive Technologies
added 2025/11/13 12:00 a.m., 5 views

PT-2025-46868

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 router firmware versions prior to 2.0.11.001 us Description A flaw exists in the validate static route function of the httpd binary. This function does not properly check the size of data when combining CGI parameters – route...

CVSS 7.5, AI score 7.7, EPSS 0.01286
Exploits: 1, References: 7

Wordfence Blog
added 2025/10/29 7:14 p.m., 7 views

Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin

On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...

CVSS 9.8, AI score 6.8, EPSS 0.00564
Exploits: 0

RedhatCVE
added 2025/10/27 9:32 a.m., 12 views

CVE-2025-62716

Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site scripting (XSS) vulnerabilit...

CVSS 8.1, AI score 6.4, EPSS 0.00304
Exploits: 0, References: 1

Cvelist
added 2025/10/24 8:06 p.m., 8 views

CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter

Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site scripting (XSS) vulnerabilit...

CVSS 8.1, EPSS 0.00304
Exploits: 0, References: 1

CVE
added 2025/10/24 8:06 p.m., 13 views

CVE-2025-62716

Plane is an open-source project management tool. A vulnerability in versions prior to 1.1.0 is an open redirect in the ?next_path query parameter that accepts arbitrary schemes (e.g., javascript:) and passes them to router.push, causing cross-site scripting (XSS). The issue can be exploited witho...

CVSS 8.1, AI score 6.1, EPSS 0.00304
Exploits: 0, References: 1

OSV
added 2025/10/24 8:06 p.m., 6 views

CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter

Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site scripting (XSS) vulnerabilit...

CVSS 8.1, AI score 6.5, EPSS 0.00304
Exploits: 0, References: 3

CVE
added 2025/10/18 3:33 a.m., 17 views

CVE-2020-36853

The CVE-2020-36853 entry concerns the WordPress plugin 10WebMapBuilder, with a Stored Cross-Site Scripting (XSS) vulnerability affecting versions up to and including 1.0.63. The issue stems from insufficient input sanitization and output escaping and a lack of capability checks in the Plugin Sett...

CVSS 7.2, AI score 4.8, EPSS 0.00347
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-5241

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.02322
Exploits: 0, References: 5