Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. Thi...

9.8CVSS7.3AI score0.00675EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

WP Time Slots Booking Form < 1.2.11 - Unauthenticated Stored Cross-Site Scripting

Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.1CVSS6AI score0.00308EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

ElasticPress < 5.1.2 - Data Sync via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...

4.3CVSS6.5AI score0.00185EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.20 views

Pagerank Tools <= 1.1.5 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/wp-admin/tools.php?page=pagepageranks="...

8.5AI score0.00395EPSS
Exploits4
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.20 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to frontend-checklist admin...

4.9AI score0.00329EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/06/04 12:0 a.m.20 views

GP Premium < 2.4.1 - Reflected Cross-Site Scripting

Description The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS6.3AI score0.00637EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/03 12:0 a.m.20 views

SEOPress < 7.8 - Contributor+ Open Redirect

Description The plugin does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post PoC As a contributor, create a new Post, at the bottom of the page put the following payload in the...

6.4AI score0.00329EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.20 views

Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access

Description The plugin allows you to display custom field values for any post via shortcode without checking for the correct access PoC 1. ADMIN: Install Advanced Custom Fields or ACF Pro 2. ADMIN: Create a new field group for posts and add a field to that 3. ADMIN: Fill in content for posts...

9.3AI score0.00428EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.20 views

Spectra – WordPress Gutenberg Blocks < 2.12.9 - Contributor+ Stored XSS via Testimonial Block

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial and Image Gallery blocks due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.20 views

Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. PoC curl --url...

9.8AI score0.67288EPSS
Exploits4Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/23 12:0 a.m.20 views

WP Fastest Cache < 1.2.7 - Admin+ Arbitrary File Deletion

Description The plugin for WordPress is vulnerable to Directory Traversal via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting...

7.2CVSS6.8AI score0.00942EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.20 views

ElementsKit Pro < 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.7AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.20 views

ShopLentor < 2.8.8 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/20 12:0 a.m.20 views

Contact Form Widget < 1.4.0 - Sensitive Information Exposure

Description The Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to extract sensitive user or...

5.3CVSS6.9AI score0.00344EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/20 12:0 a.m.20 views

Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload

Description The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code...

10CVSS8AI score0.01622EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/19 12:0 a.m.20 views

Clearfy Cache <= 2.2.1 - Cross-Site Request Forgery

Description The Clearfy Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...

4.3CVSS6.4AI score0.00188EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.20 views

weDocs < 2.1.5 - Missing Authorization

Description The weDocs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatehelpfullness REST API endpoint in versions up to, and including, 2.1.4. This makes it possible for unauthenticated attackers to update settings...

5.3CVSS6.9AI score0.00373EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/14 12:0 a.m.20 views

The Events Calendar < 6.4.0.1 - Reflected XSS

Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. PoC...

6.6AI score0.01834EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/08 12:0 a.m.20 views

GiveWP – Donation Plugin and Fundraising Platform < 3.5.0 - Authenticated (GiveWP Manager+) PHP Object Injection

Description The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with give manager-level access and above, to inject a PHP Object. No known POP...

8CVSS7.4AI score0.00622EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Share This Image < 1.99 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

4.7CVSS4.7AI score0.00384EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

JW Player for WordPress <= 2.3.3 - Missing Authorization

Description The JW Player for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...

6.5CVSS6.7AI score0.00429EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Mesmerize Companion < 1.6.149 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode

Description The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerizecontactform' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

WP Post Author < 3.6.5 - Subscriber+ Rating Manipulation

Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function, allowing authenticated attackers, with subscriber-level access and above, to manipulate ratings...

4.3CVSS4.7AI score0.00361EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Archives Calendar Widget <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Archives Calendar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00442EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS5.9AI score0.00314EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Rank Math SEO with AI Best SEO Tools < 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.5AI score0.00429EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...

6.5CVSS5.9AI score0.00314EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/03 12:0 a.m.20 views

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder < 2.5.4 - Contrib+ DOM-Based Cross-Site Scripting

Description The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typingcursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.1AI score0.00563EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/02 12:0 a.m.20 views

CAS <= 1.0.0 - Unauthenticated Arbitrary File Access

Description This plugin does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server PoC https://example.com/wp-content/themes/cas/download.php?path=...

6.7AI score0.00719EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2024/04/30 12:0 a.m.20 views

Frontend Dashboard < 2.2.4 -

Description The Frontend Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS6.9AI score0.0068EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/30 12:0 a.m.20 views

Slider Revolution < 6.7.8 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter

Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.20 views

List Custom Taxonomy Widget < 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The List Custom Taxonomy Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.20 views

WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress < 3.1.4 - Cross-Site Request Forgery

Description The WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing or incorrect nonce validation on several functions. This...

4.3CVSS6.6AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.20 views

Page Builder: Live Composer < 1.5.39 - Missing Authorization

Description The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslcajaxaddmodule function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level...

4.7CVSS6.7AI score0.00379EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.20 views

VK Block Patterns < 1.31.1.1 - Missing Authorization

Description The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbpclearpatternscache function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns...

5.3CVSS6.9AI score0.00381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.20 views

Headline Analyzer < 1.3.4 - Cross-Site Request Forgery

Description The Headline Analyzer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on several REST API endpoints. This makes it possible for unauthenticated attackers to perform sever...

4.3CVSS6.7AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.20 views

WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP TradingView plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS7.8AI score0.0032EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.20 views

WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting

Description The WP-Cufon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS8AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.20 views

Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting

Description The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS8.6AI score0.00426EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.20 views

WordPress Automatic Plugin < 3.93.0 Cross-Site Request Forgery

Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...

7.6CVSS6.7AI score0.00232EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...

4.3CVSS4.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Popup Anything < 2.8.1 - Missing Authorization

Description The Popup Anything – Popup for opt-ins and Lead Generation Conversions plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the popupaocrenderpopuppreview function in all versions up to, and including, 2.8.0. This makes it possible for...

5.3CVSS5.1AI score0.0042EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Attesa Extra < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Attesa Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

Description The Canva – Design beautiful blog graphics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.4AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.20 views

ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.20 views

Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Email Enumeration

Description The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspollcreateauthor function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to...

5.3CVSS6.5AI score0.00584EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.20 views

Wallet System for WooCommerce < 2.5.10 - Cross-Site Request Forgery

Description The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform a...

5.4CVSS6.5AI score0.00209EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.20 views

Aspose.Words Exporter <= 6.3.1 - Missing Authorization

Description The Aspose.Words – Import and Export word documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.1. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00376EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.20 views

Spotlight Social Media Feeds < 1.6.11 - Cross-Site Request Forgery

Description The Spotlight Social Media Feeds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.10. This is due to missing or incorrect nonce validation in the AuthCallbackListener class. This makes it possible for unauthenticated attackers to...

4.3CVSS6.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.20 views

BA Book Everything < 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000