116 matches found

OSV
added 2023/08/05 11:15 p.m. | 2 views

CVE-2023-30491

Unauth. Reflected Cross-Site Scripting XSS vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin = 2.1.8 versions...

CVSS 6.1 | AI score 7.3 | EPSS 0.00331
Exploits: 0 | References: 1

Cvelist
added 2023/07/18 12:17 p.m. | 33 views

CVE-2023-25036 WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions...

CVSS 4.3 | AI score 9 | EPSS 0.00214
Exploits: 0 | References: 1

Vulnrichment
added 2023/07/18 12:17 p.m. | 10 views

CVE-2023-25036 WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions...

CVSS 4.3 | AI score 7.1 | EPSS 0.00214
Exploits: 0 | References: 1

Patchstack
added 2023/07/18 12:0 a.m. | 6 views

WordPress Video Reviews / Video Widget Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software: Video Reviews / Video Widget | Type: Plugin | Vulnerable versions: <= 1.3.0 | Fixed in: 1.3.5 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 7dac09181d24 | Credits: Rafie Muhammad...

AI score 6.2 | EPSS 0.00284
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. | 9 views

WordPress Blog Sidebar Widget Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: Blog Sidebar Widget | Type: Plugin | Vulnerable versions: <= 1.0.6 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: 7ae8bbf8a06a | Credits: Rafie Muhammad Patchstack...

AI score 6.8 | EPSS 0.00284
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2023/07/12 4:38 a.m. | 29 views

CVE-2023-3369

CVE-2023-3369 refers to the About Me 3000 widget for WordPress. A Stored Cross-Site Scripting (XSS) flaw exists in admin settings for versions up to and including 2.2.6 due to insufficient input sanitization and output escaping. Impact is limited to authenticated attackers with administrator-leve...

CVSS 4.8 | AI score 4.9 | EPSS 0.0037
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2023/07/11 8:15 a.m. | 22 views

CVE-2023-25468

Cross-Site Request Forgery CSRF vulnerability in Reservation.Studio Reservation.Studio widget plugin = 1.0.11 versions...

CVSS 8.8 | AI score 5.8 | EPSS 0.00269
Exploits: 0 | References: 1

CVE
added 2023/07/11 7:42 a.m. | 43 views

CVE-2023-25468

CVE-2023-25468 is a CSRF vulnerability in the Reservation.Studio widget plugin for WordPress, affecting versions

CVSS 8.8 | AI score 6.5 | EPSS 0.00269
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2023/07/11 3:15 a.m. | 17 views

Cross site request forgery (csrf)

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for unauthenticated...

CVSS 5 | AI score 5.7 | EPSS 0.00285
Exploits: 1 | References: 4 | Affected Software: 1

Patchstack
added 2023/07/10 12:0 a.m. | 13 views

WordPress Social Media Icons Widget Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Social Media Icons Widget | Type: Plugin | Vulnerable versions: <= 1.6 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-25036 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: d8722155f6da | Credits: Mika Required...

CVSS 8.8 | AI score 6.6 | EPSS 0.00214
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/06/22 12:15 p.m. | 22 views

CVE-2023-26539

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Max Chirkov Advanced Text Widget plugin = 2.1.2 versions...

CVSS 5.9 | AI score 5.4 | EPSS 0.00369
Exploits: 0 | References: 1

OSV
added 2023/06/13 3:15 p.m. | 4 views

CVE-2023-23831

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions...

CVSS 5.4 | AI score 7.3 | EPSS 0.00361
Exploits: 0 | References: 1

Prion
added 2023/06/13 3:15 p.m. | 14 views

Cross site scripting

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions...

CVSS 4.9 | AI score 5.2 | EPSS 0.00361
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/06/13 1:40 p.m. | 38 views

CVE-2023-23831

The CVE-2023-23831 vulnerability affects WordPress Rating-Widget: Star Review System plugin versions <= 3.1.9 ( Patchstack also references

CVSS 6.5 | AI score 5.4 | EPSS 0.00361
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/05/23 4:15 p.m. | 24 views

CVE-2023-25474

Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...

CVSS 8.8 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 1

OSV
added 2023/05/23 4:15 p.m. | 4 views

CVE-2023-25474

Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...

CVSS 8.8 | AI score 7.3
Exploits: 0 | References: 1

Prion
added 2023/05/23 4:15 p.m. | 16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Csaba Kissi About Me 3000 widget plugin = 2.2.6 versions...

CVSS 6.8 | AI score 8.7 | EPSS 0.00256
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/05/23 3:1 p.m. | 59 views

CVE-2023-25474

CVE-2023-25474: CSRF vulnerability in the About Me 3000 widget for WordPress (Csaba Kissi) affecting versions 2.2.6 if available; PT-Security explicitly recommends CSRF token validation and restricting access to sensitive actions. Patch status is not consistently defined across documents; monito...

CVSS 8.8 | AI score 6.5 | EPSS 0.00256
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/04/15 9:15 p.m. | 13 views

CVE-2015-10101

A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be...

CVSS 6.1 | AI score 4.1 | EPSS 0.00583
Exploits: 0 | References: 3

CVE
added 2023/04/15 8:38 p.m. | 267 views

CVE-2015-10101

CVE-2015-10101 affects the Google Analytics Top Content Widget plugin for WordPress (up to version 1.5.6). The public details indicate an issue in an unknown functionality of the file class-tgm-plugin-activation.php that enables cross-site scripting (XSS). The vulnerability can be exploited remot...

CVSS 6.1 | AI score 4.7 | EPSS 0.00583
Exploits: 0 | References: 3 | Affected Software: 1