Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2025/02/17 12:0 a.m.9 views

1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation

Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible...

5.3CVSS4.8AI score0.0019EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/02/12 12:0 a.m.21 views

Avada Theme < 7.11.14 - Unauthenticated Arbitrary Shortcode Execution

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before...

9.8CVSS7.6AI score0.02104EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2025/02/11 12:0 a.m.13 views

360 Product Rotation <= 1.5.8 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. PoC...

6AI score0.00301EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2025/01/28 12:0 a.m.11 views

12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure

Description The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3CVSS6.7AI score0.00933EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/28 12:0 a.m.13 views

Avada < 7.11.11 - Missing Authorization

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.11.10. This makes it possible for unauthenticated attackers to perform an unauthoriz...

6.4AI score0.00224EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/28 12:0 a.m.13 views

12 Step Meeting List < 3.16.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion

Description The 12 Step Meeting List plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpajaxtsmldelete function in all versions up to, and including, 3.16.5. This makes it possible for authenticated attackers, with Contributor-level access a...

6.5CVSS6.4AI score0.00611EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/20 12:0 a.m.16 views

1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure

Description The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attacker...

5.3CVSS6.7AI score0.00372EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/14 12:0 a.m.11 views

1003 Mortgage Application <= 1.87 - Missing Authorization

Description The 1003 Mortgage Application plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.87. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an...

4.3CVSS6.5AI score0.00315EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/14 12:0 a.m.15 views

4ECPS Web Forms <= 0.2.18 - Unauthenticated Arbitrary File Upload

Description The 4ECPS Web Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.2.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may mak...

10CVSS8AI score0.00468EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/14 12:0 a.m.9 views

1003 Mortgage Application <= 1.87 - Missing Authorization

Description The 1003 Mortgage Application plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.87. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7.5CVSS6.7AI score0.00381EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/14 12:0 a.m.16 views

Free WooCommerce Theme 99fy Extension < 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Free WooCommerce Theme 99fy Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS5.7AI score0.00219EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/08 12:0 a.m.8 views

3DVieweronline < 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00252EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/08 12:0 a.m.9 views

5centsCDN <= 25.4.15 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

7.1CVSS6.7AI score0.00246EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/08 12:0 a.m.9 views

10CentMail <= 2.1.50 - Reflected Cross-Site Scripting

Description The 10CentMail plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00254EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2025/01/07 12:0 a.m.7 views

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.3.53 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attacke...

6.4CVSS5.7AI score0.00306EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/12/19 12:0 a.m.13 views

3D Avatar User Profile <= 1.0.0 - Reflected Cross-Site Scripting

Description The 3D Avatar User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.5AI score0.0041EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/12/19 12:0 a.m.17 views

Avada < 7.11.11 - Cross-Site Request Forgery

Description The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.11.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

4.3CVSS6.4AI score0.00174EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/12/12 12:0 a.m.15 views

360 Javascript Viewer < 1.7.30 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00362EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/11/19 12:0 a.m.12 views

404 Solution < 2.35.20 - Reflected Cross-Site Scripting

Description The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS6.3AI score0.00309EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/11/18 12:0 a.m.10 views

404 Solution < 2.35.18 - Missing Authentication to Sensitive Information Exposure

Description The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects including GET parameters which m...

5.3CVSS6.9AI score0.00374EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/11/15 12:0 a.m.6 views

404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function

Description The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make...

5.3CVSS6.3AI score0.00277EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/11/15 12:0 a.m.11 views

3DPrint Lite < 2.1 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC Have a logged in admin open an HTML page containing the following form:...

4.3CVSS6.6AI score0.00193EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/11/06 12:0 a.m.13 views

5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection

Description The 5 Stars Rating Funnel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.01 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

8.5CVSS7.3AI score0.00384EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/11/06 12:0 a.m.10 views

3D Presentation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The 3D Presentation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/10/23 12:0 a.m.20 views

PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip < 2.3.42 - Reflected Cross-Site Scripting

Description The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdfsource' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.5AI score0.00421EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/10/11 12:0 a.m.9 views

2D Tag Cloud <= 6.0.2 - Reflected Cross-Site Scripting via add_query_arg Parameter

Description The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS6.5AI score0.00344EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/10/03 12:0 a.m.12 views

Smart Custom 404 Error Page < 11.4.8 - Reflected Cross-Site Scripting

Description The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $SERVER'REQUESTURI' in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.2AI score0.00424EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/09/30 12:0 a.m.18 views

123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting

Description The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS8.1AI score0.00362EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/09/25 12:0 a.m.21 views

012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS7.8AI score0.00263EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/09/05 12:0 a.m.22 views

LatePoint <= 4.9.91 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/09/04 12:0 a.m.14 views

LatePoint <= 4.9.91 - Cross-Site Request Forgery

Description The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.91. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...

6.6AI score0.00244EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/08/16 12:0 a.m.8 views

Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post'

Description The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.5AI score0.00306EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/08/09 12:0 a.m.12 views

MDx < 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdx_list_item Shortcode

Description The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdxlistitem' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.9AI score0.00379EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/07/16 12:0 a.m.13 views

Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/07/16 12:0 a.m.9 views

Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultteam shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/07/16 12:0 a.m.12 views

Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/07/16 12:0 a.m.23 views

Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.8AI score0.00297EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/07/16 12:0 a.m.14 views

Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

6.4CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/25 12:0 a.m.791 views

WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block

Description WordPress does not properly escape the "file" attribute in the "Template Part block" allowing high-privileged users to perform Path Traversal on Windows servers, leading to arbitrary File Reads...

7.2AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/25 12:0 a.m.100 views

WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block

Description WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks. PoC As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. Go into Edito...

5.8AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/25 12:0 a.m.381 views

WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API

Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks...

5.7AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/24 12:0 a.m.70 views

WooCommerce 8.8.0 - 8.9.2 - Reflected XSS

Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...

5.4CVSS5.4AI score0.00483EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/24 12:0 a.m.24 views

Dextaz Ping <= 0.65 - Admin+ RCE

Description The plugin is vulnerable to Remote Code Execution, allowing authenticated attackers, with administrator-level access and above, to execute code on the server...

9.1CVSS7.4AI score0.0111EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/24 12:0 a.m.26 views

Divi < 4.25.2 - Contributor+ Stored XSS

Description The theme is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesse...

6.4CVSS5.6AI score0.00263EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/21 12:0 a.m.22 views

Greenshift – animation and page builder blocks < 8.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social share block in all versions up to, and including, 8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/18 12:0 a.m.16 views

Tooltip CK <= 2.2.15 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Tooltip CK plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00276EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/18 12:0 a.m.60 views

Advanced Custom Fields Pro < 6.2.10 - Authenticated (Contributor+) Code Injection

Description The Advanced Custom Fields Pro plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 6.2.9. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server...

8.5CVSS7.4AI score0.00429EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/18 12:0 a.m.28 views

Photo Gallery by 10Web <= 1.8.25 - Missing Authorization

Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.25. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS6.4AI score0.00346EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/18 12:0 a.m.15 views

Advanced Custom Fields Pro < 6.2.10 - Authenticated (Contributor+) Local File Inclusion

Description The Advanced Custom Fields Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server,...

9.9CVSS7.6AI score0.0059EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/18 12:0 a.m.15 views

Weather Widget Pro <= 1.1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Weather Widget Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References1
Total number of security vulnerabilities14602