Remote code execution in Kentico Xperience CMS versions through 13.0.178 allows authenticated administrators to upload arbitrary files to controlled server paths via path traversal in the Staging Sync Server component. Confirmed actively exploited in the wild (CISA KEV). Public exploit available with detailed bypass techniques. EPSS score of 1.23% (79th percentile) suggests targeted exploitation rather than widespread scanning. While CVSS 7.2 requires high-privilege (administrator) authentication, active exploitation status makes this a priority for organizations running Kentico CMS.
SQL injection in WP Featured Entries WordPress plugin versions up to 1.0 enables authenticated attackers with low-level privileges to extract sensitive database contents and potentially cause database denial of service through scope change. Reported by Patchstack audit team, this vulnerability has low exploitation probability (EPSS 0.09%, 25th percentile) and no confirmed active exploitation or public POC. The scope-changing nature (S:C) allows attackers to impact resources beyond the vulnerable component, escalating the attack's reach despite requiring initial authentication.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dourou Flickr set slideshows allows SQL Injection.9. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQL injection in WP Profitshare plugin for WordPress allows authenticated administrators to extract sensitive database contents or disrupt availability. Affects versions up to 1.4.9. The CVSS 7.6 score reflects high confidentiality impact with scope change, indicating potential database-wide access beyond the plugin's normal privileges. EPSS score of 0.21% (44th percentile) suggests low current exploitation probability, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.
SQL injection in Super Simple Subscriptions WordPress plugin through version 1.1.0 allows high-privileged administrators to extract database contents and potentially cause service disruption. The vulnerability requires authenticated admin access (PR:H) but enables cross-scope impact (S:C), allowing compromise beyond the plugin's normal boundaries to potentially access WordPress database tables containing user credentials, payment data, or other sensitive information. With EPSS at 0.21% (44th percentile) and no confirmed active exploitation, this represents a moderate insider threat or account compromise scenario rather than an immediate mass-exploitation risk.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jiangqie JiangQie Official Website Mini Program allows Blind SQL Injection.8.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in STEdb Corp. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AliRezaMohammadi دکمه، شبکه اجتماعی خرید allows SQL Injection.0.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use of a cryptographically weak pseudo-random number generator vulnerability in the authenticator of the Identity Based Encryption service of FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in ryan_xantoo Map Contact allows Stored XSS.0.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS.73. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in bbodine1 cTabs allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in alphaomegaplugins AlphaOmega Captcha & Anti-Spam Filter allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in ProRankTracker Pro Rank Tracker allows Stored XSS.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in hotvanrod AdSense Privacy Policy allows Stored XSS.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) enables stored cross-site scripting (XSS) in WordPress Admin Bar Improved plugin versions up to 3.3.5, allowing attackers to trick authenticated administrators into executing malicious code that persists in the WordPress admin interface. The vulnerability chains CSRF with stored XSS, enabling attackers to inject scripts that execute whenever any user accesses affected admin pages. EPSS exploitation probability is low (0.08%, 24th percentile), no active exploitation confirmed via CISA KEV, and Patchstack has documented this vulnerability with attack chain details.
CSRF vulnerability in CallPhone'r WordPress plugin through version 1.1.1 enables attackers to trick authenticated administrators into executing malicious requests that inject persistent XSS payloads into the application. This chained attack bypasses CSRF protections, allowing stored cross-site scripting that executes in victim browsers. The vulnerability requires user interaction (tricking an admin to click a malicious link) but needs no authentication from the attacker's perspective. EPSS probability of 0.08% (24th percentile) indicates low observed exploitation in the wild, with no CISA KEV listing or public POC identified at time of analysis.
Cross-Site Request Forgery in Contact Form 7 Material Design plugin versions up to 1.0.0 allows attackers to trick authenticated administrators into executing malicious requests that inject persistent JavaScript, achieving Stored XSS. CVSS 7.1 reflects the changed scope (S:C) and multi-stage attack requiring user interaction. EPSS score of 0.08% (24th percentile) indicates low probability of mass exploitation, with no evidence of active exploitation (not in CISA KEV) or public POC at time of analysis. This CSRF-to-XSS chain targets WordPress site administrators.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alphasis Related Posts via Categories allows Stored XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in mendibass Browser Address Bar Color allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored cross-site scripting in Banner Manager WordPress plugin through version 16.04.19 is achievable via CSRF attack vector, allowing attackers to inject malicious scripts that execute in victim administrators' browsers. The vulnerability chains a CSRF weakness (CWE-352) with XSS payload injection, enabling attackers to compromise admin sessions by tricking authenticated users into visiting attacker-controlled pages. No public exploit identified at time of analysis, with EPSS indicating 0.04% exploitation probability (12th percentile), suggesting low observed threat actor interest despite the cross-scope impact and network attack vector.
Stored Cross-Site Scripting can be injected into Custom Script Integration for WordPress via Cross-Site Request Forgery attack affecting versions up to and including 2.1. Attackers can trick authenticated administrators into submitting malicious script payloads that persist in the site database and execute in victims' browsers. EPSS score of 0.04% (12th percentile) indicates low automated exploitation likelihood, and no active exploitation or public exploit code has been identified at time of analysis, though the vulnerability has been publicly documented by Patchstack.
Cross-site request forgery (CSRF) in CAS Maestro WordPress plugin versions up to 1.1.3 enables attackers to chain CSRF with stored XSS, allowing malicious scripts to be persistently injected into the application. Attackers trick authenticated administrators into executing forged requests that store malicious payloads, which then execute in victims' browsers with administrator privileges. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, and no active exploitation is confirmed in CISA KEV. This WordPress plugin vulnerability requires social engineering to exploit but achieves scope change (S:C) allowing cross-context attacks once the stored XSS payload is injected.
Stored cross-site scripting (XSS) in jQuery Dropdown Menu WordPress plugin (versions up to 3.0) can be triggered via CSRF, allowing remote unauthenticated attackers to inject malicious scripts into the application when an authenticated administrator is tricked into submitting a crafted request. The vulnerability chains CSRF (CWE-352) with stored XSS, enabling persistent code execution in victim browsers with changed origin scope (S:C in CVSS vector). EPSS probability is low (0.04%, 12th percentile) indicating limited observed exploitation activity. No CISA KEV listing or public exploit code identified at time of analysis.
Cross-site request forgery in ANAC XML Render WordPress plugin versions through 1.5.7 enables stored cross-site scripting attacks. Remote unauthenticated attackers can trick authenticated administrators into executing malicious requests that inject persistent JavaScript payloads into the site. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, and no public exploit code or active exploitation has been identified at time of analysis.
CSRF vulnerability in WordPres 同步微博 WordPress plugin enables stored XSS attacks against site administrators. Unauthenticated remote attackers can craft malicious pages that trick authenticated administrators into executing attacker-controlled JavaScript stored in the WordPress database, leading to account compromise, content manipulation, or site takeover. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, and no active exploitation or public POC has been identified at time of analysis.
Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS.1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS.5.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.