Lucene search
K

39 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-11285

Malware in sbrugna...

6.1CVSS6.2AI score0.00827EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-6215

Malware in sbrugna...

6.1CVSS7.6AI score0.02136EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-1907

Malware in sbrugna...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-4521

Malware in sbrugna...

4.3CVSS6.4AI score0.02046EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/21 9:26 a.m.10 views

CVE-2025-8064 Bible SuperSearch <= 6.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via selector_height Parameter

The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selectorheight’ parameter in all versions up to, and including, 6.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0023EPSS
Exploits0References5
CVE
CVE
added 2025/07/04 11:17 a.m.24 views

CVE-2025-52798

CVE-2025-52798 is a Reflected XSS in the WordPress JobSearch plugin. The issue arises from improper input neutralization during web page generation, enabling an attacker to inject scripts via the JobSearch UI. Affected software: WordPress JobSearch (plugin) versions up to 2.9.0. CVSS v3.1 base sc...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/07/01 9:30 p.m.7 views

WordPress DearFlip plugin <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability

DOM-Based Reflected Cross-Site Scripting via 'pdf-source' vulnerability discovered by Martin Herancourt in WordPress Plugin DearFlip versions = 2.3.65...

6.1CVSS6AI score0.0026EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/20 3:3 p.m.2 views

CVE-2025-50048 WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9...

6.5CVSS6.9AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/09 3:56 p.m.3 views

CVE-2025-31638 WordPress Spare <= 1.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themeton Spare allows Reflected XSS. This issue affects Spare: from n/a through 1.7...

7.1CVSS6.9AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.12 views

CVE-2024-6339

The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.4AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.9 views

CVE-2021-24351

The theplusmorepost AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting exploitable on both unauthenticated and authenticated users...

6.1CVSS6.2AI score0.02483EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:24 p.m.7 views

CVE-2020-27356

The debug-meta-data plugin 1.1.2 for WordPress allows XSS...

5.4CVSS7AI score0.00952EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/21 7:54 p.m.4 views

CVE-2009-3891

Cross-site scripting XSS vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter aka the selection variable...

3.5CVSS5.4AI score0.02101EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 8:7 p.m.37 views

CVE-2025-1289

The CVE-2025-1289 entry concerns the Plugin Oficial WordPress plugin up to version 1.7.3. The vulnerability is a stored XSS risk caused by insufficient sanitisation/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject XSS even when unfiltered_html is disallowed (no...

4.8CVSS5.4AI score0.00219EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/07 2:19 p.m.13 views

CVE-2025-47443 WordPress Widget Countdown plugin <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: from n/a through = 2.7.4...

6.5CVSS0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/24 4:9 p.m.24 views

CVE-2025-46471 WordPress WP Custom Post Popup plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gnanavelshenll WP Custom Post Popup custom-post-popup allows DOM-Based XSS.This issue affects WP Custom Post Popup: from n/a through = 1.0.1...

6.5CVSS0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/24 12:0 a.m.5 views

PT-2025-17840 · WordPress · Wp-Recaptcha-Bp

Name of the Vulnerable Software and Affected Versions: WP-reCAPTCHA-bp versions n/a through 4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject...

5.9CVSS6.3AI score0.00182EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/04/22 9:53 a.m.19 views

CVE-2025-46228 WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bastien Ho Event post event-post allows DOM-Based XSS.This issue affects Event post: from n/a through = 5.9.11...

6.5CVSS0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:47 p.m.13 views

CVE-2025-32592 WordPress TableOn Plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 TableOn posts-table-filterable allows Stored XSS.This issue affects TableOn: from n/a through = 1.0.3...

7.1CVSS0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.7 views

PT-2025-17167 · WordPress · Wpfactory Product Excel Import Export & Bulk Edit For Woocommerce

Name of the Vulnerable Software and Affected Versions: WPFactory Product Excel Import Export & Bulk Edit for WooCommerce versions n/a through 4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows...

7.1CVSS7.1AI score0.00235EPSS
Exploits0References3
Rows per page
Query Builder