Show filters
41 Total Results
Displaying 1-10 of 41
Sort by:
Attacker Value
Unknown

CVE-2025-25156

Disclosure Date: February 07, 2025 (last updated February 07, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1.
0
0
Attacker Value
Unknown

CVE-2025-25141

Disclosure Date: February 07, 2025 (last updated February 07, 2025)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0.
0
0
Attacker Value
Unknown

CVE-2025-23724

Disclosure Date: January 23, 2025 (last updated January 24, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oleksandr Ustymenko University Quizzes Online allows Reflected XSS. This issue affects University Quizzes Online: from n/a through 1.4.
0
0
Attacker Value
Unknown

CVE-2025-23456

Disclosure Date: January 16, 2025 (last updated January 17, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Somethinkodd.com Development Team EmailShroud allows Reflected XSS.This issue affects EmailShroud: from n/a through 2.2.1.
0
0
Attacker Value
Unknown

CVE-2025-22325

Disclosure Date: January 07, 2025 (last updated January 07, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through 1.3.5.2.
0
0
Attacker Value
Unknown

CVE-2023-46203

Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2.
0
0
Attacker Value
Unknown

CVE-2024-5020

Disclosure Date: December 04, 2024 (last updated December 21, 2024)
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-52425

Disclosure Date: November 18, 2024 (last updated November 21, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Urchenko Drozd – Addons for Elementor allows Stored XSS.This issue affects Drozd – Addons for Elementor: from n/a through 1.1.1.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-51602

Disclosure Date: November 09, 2024 (last updated November 09, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oleksandr Ustymenko Simple Job Manager allows SQL Injection.This issue affects Simple Job Manager: from n/a through 1.1.
0
0
Attacker Value
Unknown

CVE-2024-47336

Disclosure Date: October 06, 2024 (last updated October 06, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions allows Stored XSS.This issue affects Terms descriptions: from n/a through 3.4.6.
0
0
View More Topics  Next >