Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/07/03 7:53 a.m.35 views

CVE-2026-4804 Zakra <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta REST API

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.13 views

PT-2026-33001

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...

5.1CVSS5.6AI score0.00206EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 3:35 a.m.4 views

CVE-2026-2305

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfcheadcode, aFhfcbodycode, and aFhfcfootercode post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

6.4CVSS6.1AI score0.002EPSS
Exploits0References9
CNVD
CNVD
added 2025/09/12 12:0 a.m.2 views

WordPress Duplicate Page and Post plugin SQL Injection Vulnerability

WordPress Duplicate Page and Post plugin is a plugin for quickly duplicating pages or posts, supporting one-click cloning of existing content and saving it to draft, private or public status, for users who need to batch process website content. WordPress Duplicate Page and Post plugin suffers fro...

6.5CVSS7.9AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.6 views

PT-2024-15093 · WordPress · Custom Fields Shortcode Plugin

Name of the Vulnerable Software and Affected Versions: Custom fields shortcode plugin for WordPress version 0.1 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied custom post meta values, allowing authenticated attackers with...

6.4CVSS9.2AI score0.00413EPSS
Exploits0References7
Rows per page
Query Builder