
CVE-2025-28865 – WordPress WP Colorful Tag Cloud plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-28865
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud allows Reflected XSS. This issue affects WP Colorful Tag Cloud: from n/a through 2.0.1. The WP Colorful Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages ... • https://patchstack.com/database/wordpress/plugin/wp-colorful-tag-cloud/vulnerability/wordpress-wp-colorful-tag-cloud-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-26878 – WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26878
22 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products allows DOM-Based XSS. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.8.0.1. The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.0.1 due to insufficient input sanitization and output es... • https://patchstack.com/database/wordpress/plugin/autoship-cloud/vulnerability/wordpress-autoship-cloud-for-woocommerce-subscription-products-plugin-2-8-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23819 – WordPress WP Cloud plugin <= 1.4.3 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-23819
16 Jan 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound WP Cloud allows Absolute Path Traversal. This issue affects WP Cloud: from n/a through 1.4.3. The WP Cloud plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/wordpress/plugin/cloud/vulnerability/wordpress-wp-cloud-plugin-1-4-3-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-38826 – CVE-2024-38826 Cloud Controller Denial of Service Attack
https://notcve.org/view.php?id=CVE-2024-38826
11 Nov 2024 — Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi release version to 1.194.0 or greater * Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release • https://www.cloudfoundry.org/blog/cve-2024-38826-cloud-controller-denial-of-service-attack • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-48548
https://notcve.org/view.php?id=CVE-2024-48548
24 Oct 2024 — The APK file in Cloud Smart Lock v2.0.1 has leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a brute-force attack. • https://cloudsmartlock.com/m/app.html • CWE-863: Incorrect Authorization •

CVE-2024-32777 – WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32777
22 Apr 2024 — Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint. This issue affects BizPrint: from n/a through 4.3.39. The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview() function in versions up to, and including, 4.3.39. This makes it possible for unauthent... • https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-3-39-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-29773 – WordPress BizPrint plugin <= 4.5.5 - CSRF to XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-29773
25 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS). This issue affects BizPrint: from n/a through 4.5.5. The BizPrint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.5. This is due to missi... • https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-5-5-csrf-to-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-34735
https://notcve.org/view.php?id=CVE-2023-34735
29 Jun 2023 — Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. • https://github.com/prismbreak/vulnerabilities/issues/4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-0421 – Cloud Manager <= 1.0 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-0421
12 Apr 2023 — The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. The Cloud Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ricerca’ parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers... • https://wpscan.com/vulnerability/a356fea0-f143-4736-b2b2-c545c525335c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-28995 – WordPress Configurable Tag Cloud Plugin <= 5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28995
30 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions. The Configurable Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2. This is due to missing nonce validation on the ctc_options_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as cli... • https://patchstack.com/database/vulnerability/configurable-tag-cloud-widget/wordpress-configurable-tag-cloud-plugin-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •