Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18255

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00225EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-27696

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2025/07/29 4:15 a.m.2 views

CVE-2025-7809

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00218EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/06/11 12:12 p.m.6 views

WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin Track, Analyze & Optimize by WP Tao versions = 1.3...

7.1CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:29 a.m.9 views

CVE-2024-5763

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videodate attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient inpu...

6.4CVSS5.8AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 a.m.6 views

CVE-2015-10101

A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be...

6.1CVSS5.9AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 8:7 p.m.31 views

CVE-2024-13619

The CVE-2024-13619 entry concerns the WordPress plugin LifterLMS prior to 8.0.1. The vulnerability is a Reflected XSS caused by insufficient sanitisation/escaping of an input parameter before it is echoed back on the page, which could impact high-privilege users such as admins. Public references ...

6.1CVSS6.1AI score0.00521EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/17 3:47 p.m.4 views

CVE-2025-32588 WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Credova Financial CredovaFinancial allows Reflected XSS. This issue affects CredovaFinancial: from n/a through 2.4.8...

7.1CVSS6.9AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 2:24 p.m.13 views

CVE-2025-23704 WordPress Your Lightbox plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Reuven Karasik Your Lightbox your-lightbox allows Reflected XSS.This issue affects Your Lightbox: from n/a through = 1.0...

7.1CVSS0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/16 8:7 p.m.18 views

CVE-2025-23897 WordPress Apply with LinkedIn buttons plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivobrett Apply with LinkedIn buttons apply-with-linkedin-buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through = 2.3...

6.5CVSS0.00357EPSS
Exploits0References1
CVE
CVE
added 2024/12/12 3:23 a.m.44 views

CVE-2024-11427

CVE-2024-11427 affects the WordPress Catch Popup plugin (versions

6.4CVSS5.8AI score0.00431EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/16 3:48 p.m.1 views

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

5.4AI score0.00218EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/08/30 12:18 p.m.10 views

CVE-2023-25462 WordPress WP htaccess Control Plugin <= 3.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WP htaccess Control plugin = 3.5.1 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/09/10 1:32 p.m.4 views

CVE-2021-38350 spideranalyse <= 0.0.1 Reflected Cross-Site Scripting

The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the /analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1...

6.1CVSS6.4AI score0.00866EPSS
Exploits1References2
Rows per page
Query Builder