Lucene search
K

155 matches found

Patchstack
Patchstack
added 2025/12/02 9:24 a.m.10 views

WordPress Backup Migration plugin <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download vulnerability

Information Exposure to Unauthenticated Back-up Download vulnerability discovered by ymmfty0 in WordPress Plugin Backup Migration versions = 1.4.9...

5.9CVSS6.6AI score0.00253EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.5 views

CVE-2025-52743

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/22 2:32 p.m.3 views

CVE-2025-52743 WordPress oik-privacy-policy plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...

7.1CVSS5.2AI score0.00228EPSS
Exploits0References1
CVE
CVE
added 2025/10/22 2:32 p.m.8 views

CVE-2025-52743

CVE-2025-52743 describes a Reflected XSS in the WordPress plugin oik-privacy-policy (bobbingwide) with vulnerable versions up to 1.4.9 per the CVE/NVD/Red Hat entries. Public sources also indicate a remediation path: update to a version greater than 1.4.9 (PatchStack references 1.4.10 and beyond)...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/22 2:32 p.m.12 views

CVE-2025-52743 WordPress oik-privacy-policy plugin <= 1.4.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik-privacy-policy oik-privacy-policy allows Reflected XSS.This issue affects oik-privacy-policy: from n/a through = 1.4.10...

7.1CVSS0.00228EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.17 views

EUVD-2020-23212

Malware in sbrugna...

9.8CVSS9.2AI score0.03803EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-26916

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-51759

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00394EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-35545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-based SQL injection exists in Spotweb 1.4.9 via the query string. CVE-2020-35545 Note that Nessus relies on the presence of the package as reported by the...

9.8CVSS8.5AI score0.03803EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/09/07 2:32 p.m.7 views

CVE-2025-58861

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

7.1CVSS5.9AI score0.00108EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 2:16 p.m.13 views

CVE-2025-58861

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

7.1CVSS0.00108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/05 1:45 p.m.4 views

CVE-2025-58861 WordPress Quick Event Calendar Plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Corner Quick Event Calendar quick-event-calendar allows Stored XSS.This issue affects Quick Event Calendar: from n/a through = 1.4.9...

7.1CVSS5.9AI score0.00108EPSS
Exploits0References1
CVE
CVE
added 2025/09/05 1:45 p.m.14 views

CVE-2025-58861

CVE-2025-58861 affects the WordPress plugin Quick Event Calendar (versions n/a–1.4.9). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS. CVSS 3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user interaction required, and impact t...

7.1CVSS5.9AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.7 views

PT-2025-36200

Name of the Vulnerable Software and Affected Versions: Quick Event Calendar versions n/a through 1.4.9 Description: A Cross-Site Request Forgery CSRF vulnerability exists in WP Corner Quick Event Calendar, which also allows Stored Cross-Site Scripting XSS. Recommendations: Update Quick Event...

7.1CVSS5.4AI score0.00108EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.2 views

Slink 安全漏洞

Slink is a self-hosted image sharing service by the individual developer Andrii Kryvoviaz. A security vulnerability exists in Slink v1.4.9, which stems from the vulnerability of specially crafted SVG uploads to stored cross-site scripting attacks...

6.1CVSS5.8AI score0.00251EPSS
Exploits1References3
OSV
OSV
added 2025/09/03 12:0 a.m.3 views

CVE-2025-55944

Slink v1.4.9 allows stored cross-site scripting XSS via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users...

6.1CVSS5.8AI score0.00251EPSS
Exploits1References4
NVD
NVD
added 2025/07/16 12:15 p.m.5 views

CVE-2025-47645

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommer...

8.5CVSS0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 11:28 a.m.3 views

CVE-2025-47645 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes allows SQL Injection. This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a...

8.5CVSS7.2AI score0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 11:28 a.m.12 views

CVE-2025-47645 WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes elex-bulk-edit-products-prices-attributes-for-woocommerce-basic allows SQL Injection.This issue affects ELEX WooCommer...

8.5CVSS0.00322EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/07/15 12:24 p.m.10 views

WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by astra.r3verii in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions = 1.4.9...

8.5CVSS7.8AI score0.00322EPSS
Exploits0Affected Software1
Rows per page
Query Builder