Lucene search
K

28 matches found

OSV
OSV
added 2026/03/30 7:42 p.m.10 views

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

4.9CVSS5.9AI score0.004EPSS
Exploits1References4
CVE
CVE
added 2026/02/02 6:0 a.m.15 views

CVE-2025-15396

The Library Viewer WordPress plugin (before 3.2.0) is vulnerable to Reflected Cross-Site Scripting due to inadequate sanitisation/escaping of certain parameters, potentially impacting high-privilege users (e.g., admins). Affected product/version: Library Viewer WordPress plugin

7.1CVSS5.9AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:54 a.m.19 views

CVE-2025-1798

The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks...

6.1CVSS6.1AI score0.00158EPSS
Exploits1References1
OSV
OSV
added 2025/12/02 1:15 p.m.5 views

CVE-2025-11779

Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi'...

9.8CVSS6.1AI score0.01334EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11254

Malware in sbrugna...

8.8CVSS8.7AI score0.01586EPSS
Exploits2References3
CVE
CVE
added 2025/09/23 6:0 a.m.12 views

CVE-2025-8282

CVE-2025-8282 affects the SureForms WordPress plugin prior to 1.9.1. The issue is an input sanitization/escaping flaw in parameters output on pages, enabling stored Cross‑Site Scripting (XSS) for admin and higher-privilege users. Impact is admin users could inject malicious scripts into pages ren...

3.5CVSS5.6AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.8 views

CVE-2021-24849

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...

9.8CVSS7.5AI score0.0848EPSS
Exploits2References1
CVE
CVE
added 2025/03/25 6:0 a.m.59 views

CVE-2025-1798

CVE-2025-1798 is an unauthenticated stored XSS in Design Comuni Italia WordPress Theme prior to 1.1.2, caused by unescaped/sanitised parameters in output, enabling stored XSS. Affected: Design Comuni Italia Theme (

6.1CVSS6.1AI score0.00158EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.7 views

PT-2025-1986 · WordPress · Dental Optimizer Patient Generator App

Name of the Vulnerable Software and Affected Versions: Dental Optimizer Patient Generator App WordPress plugin versions 1.0 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the pag...

7.1CVSS6.3AI score0.00316EPSS
Exploits1References6
NVD
NVD
added 2024/12/10 6:15 a.m.16 views

CVE-2024-11107

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks...

6.1CVSS0.00333EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/03/07 12:0 a.m.19 views

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin PoC 1. Use any type of role as long as you permit it the action to Add Events. 2. Add...

5.9AI score0.00425EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/22 12:0 a.m.3 views

PT-2024-15222 · WordPress · Meris

Name of the Vulnerable Software and Affected Versions: Meris WordPress theme versions 1.1.2 and earlier Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the theme does not properly sanitise and escape certain parameters before outputting them back in the...

6.1CVSS6.4AI score0.00331EPSS
Exploits1References5
WPVulnDB
WPVulnDB
added 2023/10/27 12:0 a.m.11 views

WooCommerce PDF Invoice Builder < 1.2.104 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/26 12:0 a.m.12 views

Peter’s Custom Anti-Spam < 3.2.3 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00437EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/02 12:0 a.m.16 views

FooGallery < 2.3.2 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00351EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/26 12:0 a.m.16 views

AcyMailing SMTP Newsletter < 8.6.3 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/10 12:0 a.m.27 views

Contact Form Generator < 2.6.0 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.01231EPSS
Exploits3Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/02 12:0 a.m.3 views

PT-2023-13959 · WordPress · Superio

Name of the Vulnerable Software and Affected Versions: Superio WordPress theme affected versions not specified Description: The issue concerns the Superio WordPress theme, which does not properly sanitise and escape certain parameters. This could allow users with a role as low as a subscriber to...

5.4CVSS6.3AI score0.00484EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.5 views

PT-2022-24842 · WordPress · Buddybadges

Name of the Vulnerable Software and Affected Versions: buddybadges WordPress plugin versions 1.0.0 and earlier Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by...

7.2CVSS7.1AI score0.00964EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2022/09/19 2:15 p.m.3 views

CVE-2022-2958

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...

8.8CVSS5.9AI score0.00994EPSS
Exploits2References2
Rows per page
Query Builder