Lucene search
K

4 matches found

CVE
CVE
added 2025/10/27 1:34 a.m.8 views

CVE-2025-62949

CVE-2025-62949 relates to a Cross-Site Scripting (XSS) vulnerability in the WordPress/BuddyPress plugin chain: Activity Plus Reloaded for BuddyPress (bp-activity-plus-reloaded) with versions up to and including 1.1.2. The issue is described as an improper neutralization of input during web page g...

6.5CVSS5.6AI score0.00186EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.7 views

PT-2025-14457 · WordPress · Insert Headers/Footers Code – Ht Script

Name of the Vulnerable Software and Affected Versions: The Insert Headers and Footers Code – HT Script plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to a missing capability check on the ajax dismiss function, allowing authenticated attackers with...

6.5CVSS6.8AI score0.00269EPSS
Exploits0References7
Patchstack
Patchstack
added 2023/12/27 12:0 a.m.11 views

WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software CRM Perks Forms Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51536 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e48c62e620dc Credits Huynh Tien Si Required privilege...

5.9CVSS6.5AI score0.00336EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/17 12:0 a.m.16 views

WordPress Contact Form to Any API Plugin <= 1.1.2 is vulnerable to SQL Injection

Software Contact Form to Any API Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-32741 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 7672258ac26c Credits Arvandy Required privilege Administrator...

7.2CVSS6.8AI score0.00557EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder