Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2025/11/27 2:15 p.m.5 views

CVE-2025-13692

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

7.2CVSS0.00181EPSS
Exploits0References7
Snyk
Snykadded 2025/02/25 2:40 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the drag-drop action on the Web-UI. An attacker can execute arbitrary JavaScript with the same privileges as the user by tricking them into dragging a maliciously-named, zero-byte file into the interface...

6.1CVSS5.5AI score0.00297EPSS
Exploits1References2
OSV
OSVadded 2024/09/13 3:15 p.m.1 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/09/13 12:0 a.m.2 views

PT-2024-11530 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: WP Editor plugin for WordPress versions up to, and including 1.2.9 Description: The issue allows deserialization of untrusted input via the current theme root parameter. This enables authenticated attackers with administrative privileges to...

7.2CVSS6.8AI score0.01063EPSS
Exploits0References7
OSV
OSVadded 2022/09/06 6:15 p.m.0 views

CVE-2022-2436

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

8.8CVSS5.9AI score0.01077EPSS
Exploits0References4
OSV
OSVadded 2020/10/16 11:15 p.m.1 views

CVE-2020-16952

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...

8.6CVSS7.7AI score0.75075EPSS
Exploits5References2
OSV
OSVadded 2020/03/04 5:6 p.m.2 views

DRUPAL-CONTRIB-2020-005

SVG Formatter module provides support for using SVG images on your website. This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG fil...

7AI score
Exploits0References1
OSV
OSVadded 2018/06/21 11:29 a.m.0 views

CVE-2018-0306

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by...

7.8CVSS6AI score
Exploits0References2
Rows per page
Query Builder