Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.20 views

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.7.9 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS7.5AI score0.00594EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.20 views

FV Flowplayer Video Player < 7.5.44.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.20 views

WPFunnels < 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible...

5.9CVSS5.6AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.20 views

Smart Custom Fields < 5.0.0 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure

Description The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level acces...

4.3CVSS6.6AI score0.0058EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.20 views

Graphene < 2.9.3 - Unauthenticated Password Protected Post Access

Description The theme is vulnerable to unauthorized access of data via meta tag, allowing unauthenticated individuals to obtain post contents of password protected posts via the generated source...

5.3CVSS9.6AI score0.00523EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/18 12:0 a.m.20 views

Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

4.9AI score0.00443EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/03/18 12:0 a.m.20 views

Backuply – Backup, Restore, Migrate and Clone < 1.2.8 - Admin+ Directory Traversal

Description The Backuply – Backup, Restore, Migrate and Clone plugin is vulnerable to Directory Traversal via the backupname parameter in the backuplydownloadbackup function...

4.9CVSS6.8AI score0.00919EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.20 views

Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget

Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘carouselskin’ attribute of the Posts Carousel widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS5.7AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.20 views

HT Mega – Absolute Addons For Elementor < 2.4.5 - Contributor+ Stored Cross-Site Scripting via Post Carousel Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘bordertype’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.20 views

Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget

Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Posts Slider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.20 views

Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget

Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ attribute of the Team Members widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/12 12:0 a.m.20 views

Sky Addons for Elementor < 2.5.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL

Description The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/12 12:0 a.m.20 views

Tutor LMS – eLearning and online course solution < 2.6.2 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erasetutordata function. This makes it possible for...

4.3CVSS6.6AI score0.0022EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/11 12:0 a.m.20 views

LadiApp <= 4.4 - Missing Authorization via save_config()

Description The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveconfig function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update t...

4.3CVSS6.4AI score0.00343EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/11 12:0 a.m.20 views

Auto Affiliate Links < 6.4.3.1 - Missing Authorization via aalAddLink

Description The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or...

4.3CVSS6.6AI score0.00533EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/07 12:0 a.m.20 views

Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on us...

5.4CVSS5.9AI score0.00435EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/04 12:0 a.m.20 views

CM Download Manager < 2.9.0 - Download Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack PoC Make an admin open the URL below https://example.com/cmdownload/del/id/...

6.4AI score0.00244EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/01 12:0 a.m.20 views

AI Engine < 2.2.1 - Unauthenticated Stored Cross-Site Scripting

Description The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output...

6.5CVSS6.2AI score0.0061EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.20 views

Download Manager < 3.2.86 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.8AI score0.00543EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

Avada | Website Builder For WordPress & WooCommerce < 7.11.5 - Authenticated (Contributor+) Arbitrary File Upload

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers,...

8.8CVSS8.9AI score0.01161EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

Configure SMTP <= 3.1 - Reflected Cross-Site Scripting

Description The Configure SMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

System Dashboard < 2.8.10 - XSS via Header Injection

Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks PoC X-Forwarded-For: 11.11.11.11...

5.9AI score0.00813EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.20 views

postMash – custom post order <= 1.2.0 - Reflected Cross-Site Scripting via m

Description The postMash – custom post order plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘m’ parameter in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

7.1CVSS6.5AI score0.00351EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/23 12:0 a.m.20 views

Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form

Description The Change Table Prefix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'changeprefixform' function. This makes it possible for unauthenticated attackers to toggle...

8.8CVSS6.3AI score0.00279EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/23 12:0 a.m.20 views

Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery

Description The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to modif...

4.3CVSS6.6AI score0.00277EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/22 12:0 a.m.20 views

Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update

Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attacker...

5.3CVSS6.6AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.20 views

Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function, allowing authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially...

4.3CVSS5AI score0.00431EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.20 views

Ocean Extra < 2.2.5 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via custom fields due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesse...

6.4CVSS5.6AI score0.00463EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.20 views

My Calendar < 3.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.20 views

Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization

Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it...

5.4CVSS6.7AI score0.00308EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/16 12:0 a.m.20 views

Microsoft Clarity < 0.9.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project ...

6.1CVSS6AI score0.01324EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/15 12:0 a.m.20 views

Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not prevent users with at least the contributor role from conducting Stored XSS attacks via the plugin's onClick Event functionality...

5.5CVSS5.7AI score0.00613EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.20 views

Sydney Toolbox < 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for...

5.5CVSS5.6AI score0.00432EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.20 views

MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update

Description The moveto plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, potentially leading to site...

7.5CVSS6.7AI score0.00582EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.20 views

Maspik – Spam blacklist < 0.10.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Description The Maspik – Spam Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.6AI score0.00418EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/14 12:0 a.m.20 views

WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change

Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...

5.5CVSS6.7AI score0.00364EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/13 12:0 a.m.20 views

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

8AI score0.00442EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.20 views

Simple Page Access Restriction < 1.0.23 - Improper Access Control to Sensitive Information Exposure via REST API

Description The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...

5CVSS6.8AI score0.00482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/07 12:0 a.m.20 views

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in disableOptimization

Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS6.3AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.20 views

BookIt <= 2.4.0 - Price Bypass

Description The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to Price Bypass in versions up to and including 2.4.0. This makes it possible for site owners to make use of premium plugin features without paying. Note that this does not meaningfully negatively...

6.4CVSS6.8AI score0.00482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

WP-CFM < 1.7.9 - Cross-Site Request Forgery via multiple AJAX functions

Description The WP-CFM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.8. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to modify the plugin's setting...

4.3CVSS5.1AI score0.00218EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

BEAR < 1.1.4.1 - Missing Authorization via Several Functions

Description The BEAR plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the /ext/history/history.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.2AI score0.00382EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

PowerPack Pro for Elementor < 2.10.8 - Missing Authorization to Settings Reset

Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.10.6. This makes it possible for unauthenticated attackers to reset plugin settings...

6.4AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

W3SPEEDSTER < 7.20 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS4.8AI score0.0025EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.20 views

WP Dummy Content Generator < 3.1.3 - Missing Authorization

Description The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability check son the wpdummycontentgeneratorDeletePosts and wpdummycontentgeneratorAjaxGenPosts functions in versions up to, and including, 3.1.2. This makes it...

4CVSS6.4AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/04 12:0 a.m.20 views

Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS5.5AI score0.00346EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.20 views

LearnDash LMS < 4.10.3 - Sensitive Information Exposure via API

Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions...

5CVSS7AI score0.05285EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.20 views

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API

Description The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes...

5CVSS7AI score0.02027EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/30 12:0 a.m.20 views

Avada < 7.11.2 - Contributor+ SSRF

Description The theme does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attacks...

7.7CVSS7.5AI score0.00462EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/01/29 12:0 a.m.20 views

Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting

Description The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for...

5.8CVSS5.9AI score0.00446EPSS
Exploits0References1
Total number of security vulnerabilities5000