Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2020 matches found

CVE
CVEadded 2025/01/23 3:29 p.m.54 views

CVE-2025-23722

CVE-2025-23722 targets Mind3doM RyeBread Widgets with a Reflected Cross-Site Scripting flaw caused by improper input neutralization during web page generation. Affected: Mind3doM RyeBread Widgets, versions up to 1.0 (listed as 1.0 in the connected Red Hat entry). Exploitation details are not prov...

7.1CVSS7.2AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/01/23 12:0 a.m.5 views

PT-2025-5049 · Unknown · Mind3Dom Ryebread Widgets

Name of the Vulnerable Software and Affected Versions: Mind3doM RyeBread Widgets versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. This problem affects Mind3d...

7.1CVSS9.4AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVDadded 2025/01/23 12:0 a.m.4 views

WordPress plugin Mind3doM RyeBread Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.8AI score0.00241EPSS
Exploits0References2
Patchstack
Patchstackadded 2025/01/22 10:49 a.m.5 views

WordPress Avada Builder plugin <= 3.11.11 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting in Multiple Widgets vulnerability discovered by Webbernaut in WordPress Plugin Fusion Builder versions = 3.11.11...

6.4CVSS5.8AI score0.00216EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2025/01/21 9:15 a.m.3 views

CVE-2025-0371

The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00282EPSS
Exploits0References2
CVE
CVEadded 2025/01/21 8:21 a.m.61 views

CVE-2025-0371

CVE-2025-0371 concerns the WordPress JetElements plugin, with stored cross-site scripting in multiple widgets in all versions up to 2.7.2.1. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attacker (contributor level or ...

6.4CVSS5.8AI score0.00282EPSS
Exploits0References2Affected Software1
Patchstack
Patchstackadded 2025/01/21 1:9 a.m.5 views

WordPress Jet Elements plugin <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by stealthcopter in WordPress Plugin JetElements For Elementor versions = 2.7.2.1...

6.4CVSS5.8AI score0.00282EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2025/01/20 7:34 a.m.3 views

Malicious code in glia-widgets-ionic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0d5d3faebf1c86a5653722c3d88e893d95fb5e1eea9a5d81d4cf3a2dd82ebc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSVadded 2025/01/20 7:34 a.m.2 views

MAL-2025-193 Malicious code in glia-widgets-ionic (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0d5d3faebf1c86a5653722c3d88e893d95fb5e1eea9a5d81d4cf3a2dd82ebc0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
NVD
NVDadded 2025/01/16 9:15 p.m.6 views

CVE-2025-23816

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4...

6.5CVSS0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/01/16 8:8 p.m.6 views

CVE-2025-23816 WordPress Metaphor Widgets plugin <= 2.4 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4...

6.5CVSS6.7AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/01/16 8:8 p.m.15 views

CVE-2025-23816 WordPress Metaphor Widgets plugin <= 2.4 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4...

6.5CVSS0.00357EPSS
Exploits0References1
CVE
CVEadded 2025/01/16 8:8 p.m.41 views

CVE-2025-23816

CVE-2025-23816 (Metaphor Widgets) is an stored XSS in Metaphor Widgets up to version 2.4. The initial document assigns CVSS v3.1 base score 6.5 (MEDIUM) with Network attack vector, Low privileges, user interaction required, and effects on confidentiality, integrity, and availability. Connected Re...

6.5CVSS8.6AI score0.00357EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/01/16 6:42 p.m.4 views

WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Coronavirus COVID-19 Outbreak Data Widgets versions = 1.1.1...

7.1CVSS6.1AI score0.00231EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2025/01/16 6:42 p.m.2 views

WordPress Metaphor Widgets plugin <= 2.4 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Metaphor Widgets versions = 2.4...

6.5CVSS5.8AI score0.00357EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2025/01/16 6:42 p.m.5 views

WordPress Mind3doM RyeBread Widgets plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Mind3doM RyeBread Widgets versions = 1.0...

7.1CVSS6.1AI score0.00241EPSS
Exploits0Affected Software1
CNNVD
CNNVDadded 2025/01/16 12:0 a.m.2 views

WordPress plugin Metaphor Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS7.8AI score0.00357EPSS
Exploits0References1
NVD
NVDadded 2025/01/11 8:15 a.m.5 views

CVE-2024-12527

The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfectportalintakeform' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00325EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/01/11 7:21 a.m.12 views

CVE-2024-12527 Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfectportalintakeform' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00325EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/01/11 7:21 a.m.3 views

CVE-2024-12527 Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfectportalintakeform' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References3
Rows per page
Query Builder