Lucene search
+L

41 matches found

NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-66076

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.10 views

CVE-2025-66076

The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.37 views

CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-54960

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/29 12:0 p.m.4 views

WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Woostify Sites Library versions = 1.6.2...

5.3CVSS5.8AI score0.00214EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4805

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 8:16 a.m.10 views

CVE-2026-4805

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS0.00206EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/28 6:45 a.m.4 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/28 6:45 a.m.29 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS0.00206EPSS
Exploits0References7
CVE
CVE
added 2026/04/28 6:45 a.m.19 views

CVE-2026-4805

CVE-2026-4805 affects the WordPress Woostify theme (versions

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/28 6:45 a.m.8 views

EUVD-2026-26005

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:45 a.m.12 views

CVE-2026-4805

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References8
OSV
OSV
added 2026/04/28 6:45 a.m.4 views

CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.13 views

WordPress plugin Woostify 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.6AI score0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35679

The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...

6.4CVSS5.5AI score0.00206EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/27 6:15 p.m.8 views

WordPress Woostify theme <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Woostify versions = 2.5.0...

6.4CVSS5.1AI score0.00206EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31301

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/27 8:44 a.m.6 views

CVE-2025-60101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through = 2.4.2...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/26 9:50 a.m.7 views

WordPress Woostify Theme <= 2.4.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by savphill in WordPress Theme Woostify versions = 2.4.2...

5.9CVSS6.2AI score0.0021EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/26 9:15 a.m.4 views

CVE-2025-60101

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in duongancol Woostify woostify allows Stored XSS.This issue affects Woostify: from n/a through = 2.4.2...

5.9CVSS0.0021EPSS
Exploits0References1
Rows per page
Query Builder