Lucene search
+L

13 matches found

redhatcve
redhatcve
added 2026/06/10 8:59 a.m.12 views

CVE-2026-8841

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References1
nvd
nvd
added 2026/01/24 8:16 a.m.7 views

CVE-2025-13676

The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHPSELF server variable. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00255EPSS
Exploits0References3
cve
cve
added 2025/12/11 3:27 a.m.29 views

CVE-2025-10163

Summary: WordPress plugin List category posts (versions

6.5CVSS6.2AI score0.00297EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/12/06 12:0 a.m.10 views

PT-2025-49347

The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5AI score0.00205EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/09/27 8:44 a.m.15 views

CVE-2025-60181

Server-Side Request Forgery SSRF vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Server Side Request Forgery.This issue affects Silencesoft RSS Reader: from n/a through = 0.6...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References1
patchstack
patchstack
added 2025/09/19 2:43 p.m.6 views

WordPress Author: Munzir plugin <= 0.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Author: Munzir versions = 0.9...

7.1CVSS6.1AI score0.00228EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/05/21 7:3 p.m.4 views

CVE-2025-43832

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through = 0.6...

7.1CVSS7.2AI score0.00185EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/04/25 4:52 p.m.11 views

CVE-2025-27337

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kontur Fontsampler fontsampler allows Reflected XSS.This issue affects Fontsampler: from n/a through = 0.4.14...

7.1CVSS7.2AI score0.00257EPSS
Exploits0References1
cve
cve
added 2025/04/03 1:27 p.m.73 views

CVE-2025-31558

TailPress (TailPress – Tailwind for WordPress) vulnerability CVE-2025-31558 affects TailPress versions up to and including 0.4.4. The issue is described as an Insertion of Sensitive Information into Externally-Accessible File or Directory, enabling retrieval of embedded sensitive data. The availa...

5.8CVSS7.2AI score0.00359EPSS
Exploits0References1
patchstack
patchstack
added 2024/11/11 8:32 a.m.8 views

WordPress DigiPass plugin <= 0.3.0 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin DigiPass versions = 0.3.0...

7.5CVSS7AI score0.0055EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/05/16 1:2 a.m.7 views

WordPress Menu Icons by ThemeIsle plugin <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Menu Icons by ThemeIsle versions = 0.13.13...

6.4CVSS5.8AI score0.00371EPSS
Exploits0References1Affected Software1
osv
osv
added 2021/08/16 7:15 p.m.6 views

CVE-2021-34649

The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dark parameter in the /titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2...

6.1CVSS5.8AI score0.00895EPSS
Exploits1References2
osv
osv
added 2017/07/18 3:29 p.m.2 views

ALPINE-CVE-2017-7506

spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak...

8.8CVSS6.9AI score0.04204EPSS
Exploits0References1
Rows per page
Query Builder