Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.18 views

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin < 3.4.2.5 - Reflected Cross-Site Scripting.

Description The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes...

5.8CVSS6.2AI score0.0061EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.14 views

WooCommerce Easy Checkout Field Editor, Fees & Discounts < 3.5.13 - Unauthenticated Arbitrary File Upload

Description The SysBasics Easy Checkout Field Editor, Fees & Discounts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.5.12. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

10CVSS7.9AI score0.0063EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.17 views

ProfilePress < 4.15.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its edit-profile-text-box shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5CVSS5.7AI score0.00598EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.13 views

Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC otwshortcodebutton...

5.7AI score0.00413EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.16 views

Schema & Structured Data for WP & AMP < 1.27 - Authenticated Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the custom schema due to insufficient input sanitization and output escaping, allowing authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default t...

6.4CVSS5.8AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.17 views

Peach Payments Gateway < 3.2.0 - Missing Authorization via peach_core_version_rollback()

Description The Peach Payments Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the peachcoreversionrollback function in versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with...

5.4CVSS6.3AI score0.00364EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.13 views

Plugin Groups < 2.0.7 - Missing Authorization to Unauthenticated Denial of Service

Description The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin,...

8.2CVSS6.6AI score0.00487EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.10 views

Shortcodes Ultimate < 7.0.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its sutooltip shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.9AI score0.00473EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.16 views

Fancy Product Designer < 6.1.5 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. PoC - Log in as an administrator, and visit /wp-admin/. - Add a Catalog Product in /wp-admin/admin.php?page=fancyproductdesigner -...

7.4AI score0.00641EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.17 views

WP SMS < 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.3.4 due to insufficient input sanitization and output escaping ...

6CVSS5.6AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.21 views

Tutor LMS < 2.6.1 - Missing Authorization

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...

4.3CVSS6.2AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.15 views

Password Protected < 2.6.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape its Google Captcha Site Key settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.9 views

Database Reset < 3.23 - Cross-Site Request Forgery to WP Reset Plugin Installation

Description The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the installwpr function. This makes it possible for unauthenticated attackers to install the WP Reset...

4.3CVSS6.6AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.19 views

ProfilePress < 4.15.0 - Unauthenticated Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'name' parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This...

6.4CVSS5.8AI score0.00572EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.13 views

postMash – custom post order <= 1.2.0 - Unauthenticated SQL Injection

Description The postMash – custom post order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.4CVSS7.4AI score0.00565EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.11 views

WP Testimonials < 1.4.4 - Authenticated (Contributor+) SQL Injection

Description The WP Testimonials plugin for WordPress is vulnerable to SQL Injection via the 'widgetid' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.6CVSS7.5AI score0.00547EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.20 views

Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function, allowing authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially...

4.3CVSS5AI score0.00431EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.12 views

Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC otwshortcodetabslayout...

7.6AI score0.00431EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.18 views

Innovs HR <= 1.0.3.4 - Employee Creation via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees. PoC...

6.5AI score0.00366EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.15 views

Simple Job Board < 2.11.0 - Missing Authorization to Unauthenticated Information Disclosure

Description The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts,...

5CVSS7AI score0.00909EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.18 views

Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection

Description The Sitepact's Contact Form 7 Extension For Klaviyo plugin for WordPress is vulnerable to SQL Injection parameter in versions up to, and including, 1.0.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

6.8CVSS7.4AI score0.00377EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.18 views

InstaWP Connect < 0.1.0.9 - Authenticated (Subscriber+) Remote Code Execution

Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.1.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server...

9.9CVSS7.6AI score0.00681EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.14 views

Page scroll to id < 1.7.9 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.7AI score0.00439EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.13 views

File Manager Pro < 8.3.5 - Reflected Cross-Site Scripting

Description The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.8CVSS6.5AI score0.00466EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.20 views

Ocean Extra < 2.2.5 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via custom fields due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesse...

6.4CVSS5.6AI score0.00463EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.22 views

ProfilePress < 4.15.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its login-password shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5CVSS5.7AI score0.00483EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.18 views

Custom Field Template < 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label

Description The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $searchlabel parameter in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6CVSS5.7AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.8 views

WooCommerce Google Sheet Connector < 1.3.12 - Missing Authorization

Description The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update...

5.3CVSS6.7AI score0.00431EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.12 views

Backup Bolt < 1.4.0 - Sensitive Data Exposure

Description The plugin is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. PoC Access the error lo...

9.2AI score0.0055EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.22 views

Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure

Description The plugin contains a vulnerability that allows you to read and download PHP logs without authorization PoC 1 Admin should click on "Save as TXT file" in http://yoursite/wordpress/wp-admin/admin.php?page=rrrlgvwr-monitor.php 2 Then someone else can go to...

8.6AI score0.00587EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.11 views

Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce < 3.2.9 - Reflected Cross-Site Scripting

Description The Cost of Goods Sold COGS: Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it...

5.8CVSS6.5AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.9 views

Widgets Controller <= 1.1 - Unauthenticated Cross-Site Scripting

Description The Widgets Controller plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

7.1CVSS6.5AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.15 views

3D FlipBook – PDF Flipbook WordPress < 1.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks

Description The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.17 views

Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking

Description The plugin does not have authorisation and CSRF in various function hooked to admininit, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example PoC As unauthenticated, open the following URL to unlink the Instagram account of the user with...

6.8AI score0.00351EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.20 views

My Calendar < 3.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.21 views

Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset

Description The plugin does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action PoC Log in as a subscriber, access the Diagnostic tab of the plugin /wp-admin/admin.php?page=enjoyinstagrampluginoptions=diagnostic and click...

6.3AI score0.0077EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.24 views

WP Setup Wizard < 1.0.8.2 - Authenticated (Subscriber+) Full Database Download

Description The WP Setup Wizard plugin for WordPress is vulnerable to unauthorized access of datadue to a missing capability check in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to download the entire...

6.5CVSS6.3AI score0.00644EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.25 views

Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG

Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to see the XSS...

8.4AI score0.00371EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.18 views

Action Network < 1.4.3 - Reflected Cross-Site Scripting via 'search'

Description The Action Network plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.8CVSS6.2AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.13 views

Featured Image from URL (FIFU) < 4.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url

Description The Featured Image from URL FIFU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifuinputurl parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.9AI score0.00429EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.21 views

Link Library < 7.6.1 - Unauthenticated Stored Cross-Site Scripting

Description The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.5CVSS6AI score0.00415EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.10 views

Oliver POS < 2.4.2.1 - Subscriber+ Unauthorized AJAX Calls

Description The plugin is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file, allowing authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions li...

7.3CVSS5.5AI score0.00511EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.20 views

Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization

Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it...

5.4CVSS6.7AI score0.00308EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.23 views

Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover

Description The plugin does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. PoC 1. ADMIN: Install Formidable Pro plugin 2. ADMIN: Install...

6.6AI score0.00554EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.12 views

Contact Form builder with drag & drop for WordPress – Kali Forms < 2.3.42 - Missing Authorization to Arbitrary Plugin Deactivation

Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the awaitplugindeactivation function in all versions up to, and including, 2.3.41. This makes it possible fo...

7.6CVSS7.3AI score0.00306EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.9 views

WPify Woo Czech < 4.0.9 - Missing Authorization

Description The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybesendtopacketa function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for...

5CVSS6.3AI score0.00455EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/19 12:0 a.m.15 views

Coming Soon Maintenance Mode < 1.0.6 - Information Exposure

Description The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provid...

5CVSS6.4AI score0.00461EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/17 12:0 a.m.21 views

404 Solution < 2.35.8 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins. PoC 1. navigate to logs "https://example.com/wp-admin/options-general.php?page=abj404solution=abj404logs"...

7.2CVSS7.1AI score0.00756EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/02/17 12:0 a.m.19 views

Login as User or Customer <= 3.8 - Admin Account Takeover

Description The plugin does not prevent users to log in as any other user on the site. PoC 1. As an admin, log in as some user. Note the user ID. 2. Run the following curl command, filling in the ADMINID and the USERID: curl -v https://example.com/wp-admin/admin-ajax.php -H 'Cookie:...

6.4AI score0.00636EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2024/02/17 12:0 a.m.15 views

Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure

Description The plugin discloses the Podcast owner's email address which by default is the admin email address via an unauthenticated crafted request. This was fixed in 3.0.0 for new plugin installation, however when upgrading, users will have to unset the "Owner email address" in the Feed Detail...

6.6AI score0.02463EPSS
Exploits3Affected Software1
Total number of security vulnerabilities14603