Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-12355

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References1
CNVD
CNVD
added 2024/06/07 12:0 a.m.7 views

WordPress Weaver Xtreme Theme Support plugin cross-site scripting vulnerability (CNVD-2024-26460)

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6.1AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2024/06/05 8:15 a.m.21 views

CVE-2024-4939

The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 2023/10/16 7:38 p.m.44 views

CVE-2023-4971

CVE-2023-4971 affects the WordPress plugin Weaver Xtreme Theme Support prior to version 6.3.1. The root cause is unserialising the contents of an imported file, which could enable PHP object injection when a high-privilege user imports a malicious file and a suitable gadget chain is present on th...

7.2CVSS6.9AI score0.00976EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/10/16 7:38 p.m.24 views

CVE-2023-4971 Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...

7.2AI score0.00976EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.6 views

CVE-2023-0276 Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS

The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8AI score0.00471EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.5 views

PT-2023-16134 · WordPress · Weaver Xtreme Theme Support

Name of the Vulnerable Software and Affected Versions: Weaver Xtreme Theme Support WordPress plugin versions prior to 6.2.7 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References4
Patchstack
Patchstack
added 2023/03/15 12:0 a.m.7 views

WordPress Weaver Xtreme Theme Support Plugin <= 5.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 5.0.2 Fixed in 6.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7fef1f764ecf Credits Unknown Required...

5.9AI score
Exploits0References1Affected Software1
Rows per page
Query Builder