Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-34193

Malicious code in bioql PyPI...

6.3CVSS5.1AI score0.00637EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-42354

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.9 views

CVE-2024-1586

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...

6.4CVSS6AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/23 11:7 a.m.33 views

CVE-2024-3491 Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References2
CVE
CVE
added 2024/02/20 6:56 p.m.59 views

CVE-2024-1288

CVE-2024-1288 affects the Schema & Structured Data for WP & AMP WordPress plugin. The vulnerability is due to a missing capability check in the saswp_reviews_form_render function, allowing authenticated attackers with Contributor+ access to modify stored reCaptcha site/secret keys, potentially br...

4.3CVSS5.1AI score0.00431EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/01/31 7:15 p.m.33 views

CVE-2024-22146

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...

6.5CVSS6.5AI score0.0034EPSS
Exploits0References1
Prion
Prion
added 2024/01/31 7:15 p.m.15 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...

4.9CVSS7AI score0.0034EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/12/27 12:0 a.m.11 views

WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)

Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.23 Fixed in 1.24 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51677 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c9c204c67d47 Credits LVT-tholv2k Requir...

6.5CVSS6.9AI score0.00328EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/06/07 2:15 a.m.24 views

CVE-2021-4354

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwpsplashscreenuploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites...

8.8CVSS8.9AI score0.01817EPSS
Exploits1References2
Prion
Prion
added 2023/06/07 2:15 a.m.13 views

Authorization

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwpupdatefeaturesoptions function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings...

4CVSS4.5AI score0.00637EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/06/07 1:51 a.m.46 views

CVE-2021-4366

The CVE-2021-4366 entry concerns the WordPress PWA for WP & AMP plugin. Affected component: pwaforwp_update_features_options function. Root cause: missing capability check leads to an authorization bypass in versions up to and including 1.7.32, allowing authenticated attackers to alter restricted...

6.3CVSS4.3AI score0.00637EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.26 views

CVE-2021-4366 PWA for WP & AMP < = 1.7.32 - Missing Authorization

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwpupdatefeaturesoptions function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings...

6.3CVSS6.2AI score0.00637EPSS
Exploits1References3
Rows per page
Query Builder