Lucene search
K

6946 matches found

CVE
CVE
added 2026/06/15 8:18 p.m.15 views

CVE-2026-45437

The CVE-2026-45437 entry concerns the WordPress Product Filter Widget for Elementor plugin (versions

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.6 views

EUVD-2026-36840

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.12 views

CVE-2025-68872

CVE-2025-68872 is a reflected XSS vulnerability in the WordPress plugin “Eli's WordCents adSense Widget with Analytics” (versions

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2025-68872 WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.10 views

CVE-2016-20078

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS0.00688EPSS
Exploits0References3
CVE
CVE
added 2026/06/15 12:0 p.m.19 views

CVE-2016-20078

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion (LFI) vulnerability in pic.php that allows unauthenticated attackers to read arbitrary files via directory traversal in the URL. The impact includes potential exposure of sensitive data such as wp-config.php. CVSS metrics present...

6.9CVSS5.5AI score0.00688EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49352

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49216

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS5.4AI score0.00688EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 9:16 p.m.13 views

CVE-2026-45012

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch...

7.6CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 9:16 p.m.13 views

CVE-2026-45011

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3CVSS0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 8:44 p.m.30 views

CVE-2026-45012 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch...

7.6CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:44 p.m.25 views

CVE-2026-45012

Summary (CVE-2026-45012) ApostropheCMS (Node.js) versions up to and including 4.29.0 expose an authenticated SSRF in the rich-text widget import flow. An authenticated user who can submit or edit rich-text content can trigger the server to fetch attacker-controlled URLs during widget validation, ...

7.6CVSS5.2AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:44 p.m.8 views

EUVD-2026-36568

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch...

7.6CVSS5.3AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:44 p.m.7 views

CVE-2026-45012 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch...

7.6CVSS5.2AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:43 p.m.8 views

EUVD-2026-36567

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3CVSS5.3AI score0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 8:43 p.m.10 views

CVE-2026-45011 Apostrophe has stored XSS via javascript: URL in Image Widget Link

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3CVSS5.2AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 8:43 p.m.21 views

CVE-2026-45011

CVE-2026-45011 affects ApostropheCMS 4.29.0, where a stored XSS can be injected via a javascript: URL in an image widget link. A user with Editor rights can publish the widget, enabling arbitrary JavaScript execution when a viewer clicks the link. Public patch status: at time of publication there...

7.3CVSS5.2AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 8:43 p.m.32 views

CVE-2026-45011 Apostrophe has stored XSS via javascript: URL in Image Widget Link

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3CVSS0.00211EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.10 views

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.15 views

CVE-2026-8677

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.6AI score0.00243EPSS
Exploits0References1
Rows per page
Query Builder