Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-43312

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2022-51813

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00534EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.14 views

CVE-2024-4655

The Ultimate Blocks WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.3CVSS5.3AI score0.00447EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:7 a.m.9 views

CVE-2023-5674

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...

8.8CVSS7.5AI score0.10826EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.10 views

CVE-2021-24506

The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection...

8.8CVSS7.1AI score0.01362EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/12/26 6:33 p.m.21 views

CVE-2023-5674 WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor...

9.2AI score0.10826EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/30 8:31 p.m.4 views

CVE-2022-4649 WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00484EPSS
Exploits2References1
Rows per page
Query Builder