Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.10 views

CVE-2026-49069

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS5.4AI score0.00342EPSS
Exploits2References1
NVD
NVD
added 2026/06/10 2:16 p.m.18 views

CVE-2026-49069

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS0.00342EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/10 12:39 p.m.36 views

CVE-2026-49069 WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS0.00342EPSS
Exploits2References1
EUVD
EUVD
added 2026/06/10 12:39 p.m.11 views

EUVD-2026-36010

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS5.4AI score0.00342EPSS
Exploits2References1
CVE
CVE
added 2026/06/10 12:39 p.m.36 views

CVE-2026-49069

The CVE-2026-49069 entry refers to the WordPress WPZOOM Portfolio plugin (versions

7.1CVSS5.4AI score0.00342EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

WordPress plugin WPZOOM Portfolio 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5AI score0.00342EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48405

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...

7.1CVSS5.4AI score0.00342EPSS
Exploits2References2
Patchstack
Patchstack
added 2026/06/08 12:29 p.m.11 views

WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Kent Apostol in WordPress Plugin WPZOOM Portfolio versions = 1.4.21...

7.1CVSS5.5AI score0.00342EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-52085

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00471EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.11 views

CVE-2024-8276

The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:32 a.m.9 views

CVE-2022-4789

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS6AI score0.00471EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/09/02 3:46 a.m.2 views

WordPress WPZOOM Portfolio Lite plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin WPZOOM Portfolio versions = 1.4.4...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/02 12:0 a.m.14 views

WordPress WPZOOM Portfolio Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software WPZOOM Portfolio Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8276 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5e6e6f313600 Credits Francesco Carlucci...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/08/31 7:36 a.m.44 views

CVE-2024-8276

CVE-2024-8276 (WPZOOM Portfolio Lite – Filterable Portfolio Plugin) affects WordPress WPZOOM Portfolio Lite. It allows Stored XSS via the align attribute in the wp:wpzoom-blocks Gutenberg block for all versions up to 1.4.4, caused by insufficient input sanitization and output escaping. Exploitati...

6.4CVSS5.5AI score0.00352EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/08/31 7:36 a.m.24 views

CVE-2024-8276 WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...

6.4CVSS0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/31 12:0 a.m.4 views

WordPress plugin WPZOOM Portfolio Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.9AI score0.00352EPSS
Exploits0References6
OSV
OSV
added 2023/01/23 3:15 p.m.5 views

CVE-2022-4789

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00471EPSS
Exploits1References1
NVD
NVD
added 2023/01/23 3:15 p.m.19 views

CVE-2022-4789

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.3AI score0.00471EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.7 views

CVE-2022-4789 WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

6.1AI score0.00471EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.24 views

CVE-2022-4789 WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00471EPSS
Exploits1References1
Rows per page
Query Builder