Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

wpexploit
wpexploitadded 2023/01/17 12:0 a.m.445 views

Widget Shortcode <= 0.3.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS5.1AI score0.00363EPSS
Exploits2
Cvelist
Cvelistadded 2018/08/05 7:0 p.m.10 views

CVE-2018-14959

An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI...

8.7AI score0.00134EPSS
Exploits1References1
CVE
CVEadded 2018/08/03 12:0 a.m.37 views

CVE-2018-14877

WeaselCMS v0.3.5 is affected by a cross-site scripting (XSS) vulnerability on the SETTINGS page. The issue allows injection of JavaScript through the Site Language, Site Title, Site Description, and Site Keywords fields. Some sources describe the attack as remote and exploitative via the affected...

5.4CVSS5.2AI score0.00191EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder