Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-13887

The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the aibotkitwidget shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.5 views

PT-2026-1611

Name of the Vulnerable Software and Affected Versions AI BotKit – AI Chatbot & Live Support for WordPress plugin versions through 1.1.7 Description The AI BotKit – AI Chatbot & Live Support for WordPress plugin is susceptible to Stored Cross-Site Scripting. This occurs due to inadequate input...

6.4CVSS6.1AI score0.00188EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-13628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to...

6.1CVSS6.3AI score0.02233EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2024/06/07 5:15 a.m.6 views

CVE-2024-5640

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and...

6.4CVSS6.1AI score0.00321EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.5 views

PT-2024-20914 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.6 Description: The issue is related to Stored Cross-Site Scripting via widget id attributes due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00406EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.4 views

PT-2024-22866 · WordPress · Sydney Toolbox

Name of the Vulnerable Software and Affected Versions: Sydney Toolbox plugin for WordPress versions up to, and including, 1.26 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of widgets due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS7.9AI score0.0034EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.6 views

PT-2024-18029 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including, 5.4.0 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of the Header Meta Content widget due to insufficient input...

6.4CVSS8AI score0.00343EPSS
Exploits0References5
wpexploit
wpexploit
added 2023/01/19 12:0 a.m.511 views

Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 1. Insert a...

5.4CVSS5.1AI score0.00477EPSS
Exploits2
OSV
OSV
added 2020/05/27 4:15 p.m.9 views

UBUNTU-CVE-2020-13628

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

6.1CVSS6.5AI score0.02233EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2019/09/26 12:0 a.m.5 views

PT-2019-7395 · WordPress · Dynamic Widgets

Name of the Vulnerable Software and Affected Versions: dynamic-widgets plugin versions prior to 1.5.11 Description: The issue concerns a cross-site scripting XSS problem. It can be exploited via the "action=term tree" prefix or the widget id parameter in the "/wp-admin/admin-ajax.php" API endpoin...

5.4CVSS5.9AI score0.01044EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.4 views

foreman: SQL injection due to improper handling of the widget id parameter

An input sanitization flaw was found in the id field of the dashboard controller. A user could use this flaw to perform a SQL injection attack on the back-end database...

6.5CVSS5.8AI score0.01378EPSS
Exploits0References4
Rows per page
Query Builder