559 Total Results
Displaying 21-30 of 559
Attacker Value
Unknown

CVE-2024-13492

Disclosure Date: February 07, 2025 (last updated February 07, 2025)
The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
Attacker Value
Unknown

CVE-2024-13352

Disclosure Date: February 07, 2025 (last updated February 07, 2025)
The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
Attacker Value
Unknown

CVE-2025-0522

Disclosure Date: February 06, 2025 (last updated February 06, 2025)
The LikeBot WordPress plugin through 0.85 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
Attacker Value
Unknown

CVE-2025-0466

Disclosure Date: February 04, 2025 (last updated February 04, 2025)
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information.
Attacker Value
Unknown

CVE-2025-0368

Disclosure Date: February 04, 2025 (last updated February 04, 2025)
The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin or unauthenticated users.
Attacker Value
Unknown

CVE-2024-13332

Disclosure Date: February 04, 2025 (last updated February 04, 2025)
The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
Attacker Value
Unknown

CVE-2024-13331

Disclosure Date: February 04, 2025 (last updated February 04, 2025)
The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
Attacker Value
Unknown

CVE-2024-13330

Disclosure Date: February 04, 2025 (last updated February 04, 2025)
The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
Attacker Value
Unknown

CVE-2024-13329

Disclosure Date: February 04, 2025 (last updated February 04, 2025)
The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
Attacker Value
Unknown

CVE-2024-13328

Disclosure Date: February 04, 2025 (last updated February 04, 2025)
The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.