31 matches found

RedhatCVE
added 2026/01/14 11:19 p.m. | 2 views

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | AI score 6.6 | EPSS 0.00107
Exploits: 1 | References: 1

OSV
added 2026/01/13 11:15 p.m. | 2 views

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 5

NVD
added 2026/01/13 11:15 p.m. | 2 views

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | EPSS 0.00107
Exploits: 1 | References: 5

Cvelist
added 2026/01/13 10:56 p.m. | 19 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | EPSS 0.00107
Exploits: 1 | References: 5

CVE
added 2026/01/13 10:56 p.m. | 4 views

CVE-2023-53985

CVE-2023-53985 affects Zstore (now Zippy CRM) version 6.5.4. A reflected cross-site scripting vulnerability exists due to unvalidated input parameters, allowing an attacker to inject and execute arbitrary JavaScript in a victim’s browser context. The CVSS metrics indicate network access with low ...

CVSS 6.1 | AI score 6.2 | EPSS 0.00107
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/01/13 10:56 p.m. | 1 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVSS 6.1 | AI score 6.2 | EPSS 0.00107
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-28659

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00338
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:10 a.m. | 5 views

CVE-2024-13715

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | AI score 6.5 | EPSS 0.00094
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 3:22 a.m. | 4 views

CVE-2023-24648

Zstore v6.6.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /index.php...

CVSS 6.1 | AI score 6.1 | EPSS 0.00338
Exploits: 1 | References: 1

OSV
added 2025/01/30 2:15 p.m. | 0 views

CVE-2024-13715

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00094
Exploits: 0 | References: 2

NVD
added 2025/01/30 2:15 p.m. | 7 views

CVE-2024-13715

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | EPSS 0.00094
Exploits: 0 | References: 2

CVE
added 2025/01/30 1:42 p.m. | 37 views

CVE-2024-13715

CVE-2024-13715 affects the WordPress plugin zStore Manager Basic (versions up to 3.311). Root cause: a missing capability check in the function zstore_clear_cache(). Impact: authenticated attackers with Subscriber+ privileges can clear the plugin cache, causing unauthorized data loss. Remediatio...

CVSS 4.3 | AI score 4.3 | EPSS 0.00094
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/30 1:42 p.m. | 7 views

CVE-2024-13715 zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | AI score 4.3 | EPSS 0.00094
Exploits: 0 | References: 2

Cvelist
added 2025/01/30 1:42 p.m. | 8 views

CVE-2024-13715 zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing

The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstoreclearcache function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | EPSS 0.00094
Exploits: 0 | References: 2

Patchstack
added 2025/01/30 7:43 a.m. | 1 views

WordPress zStore Manager Basic plugin <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing vulnerability

Missing Authorization to Authenticated (Subscriber+) Cache Clearing vulnerability discovered by Peter Thaleikis in WordPress Plugin zStore Manager Basic versions <= 3.311...

CVSS 4.3 | AI score 7 | EPSS 0.00094
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/01/30 12:0 a.m. | 1 views

WordPress plugin zStore Manager Basic security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 | AI score 8.1 | EPSS 0.00094
Exploits: 0 | References: 2

Positive Technologies
added 2025/01/30 12:0 a.m. | 1 views

PT-2025-2254 · WordPress · Zstore Manager Basic

Name of the Vulnerable Software and Affected Versions: zStore Manager Basic plugin for WordPress versions up to, and including, 3.311 Description: The issue is related to a missing capability check on the zstore clear cache function, which allows authenticated attackers with Subscriber-level acce...

CVSS 4.3 | AI score 8.9 | EPSS 0.00094
Exploits: 0 | References: 8

Packet Storm
added 2023/06/22 12:0 a.m. | 319 views

Zstore 6.5.4 Database Disclosure

Title: Zstore version 6.5.4 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit ...

AI score 7.1
Exploits: 0

0day.today
added 2023/04/05 12:0 a.m. | 202 views

zstore 6.6.0 - Cross-Site Scripting Vulnerability

Exploit Title: zstore 6.6.0 - Cross-Site Scripting XSS Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of...

AI score 6.8
Exploits: 0

Exploit DB
added 2023/04/05 12:0 a.m. | 150 views

zstore 6.6.0 - Cross-Site Scripting (XSS)

Exploit Title: zstore 6.6.0 - Cross-Site Scripting XSS Development: nu11secur1ty Date: 01.29.2023 Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4...

AI score 7.4
Exploits: 0