Nicdark
Products
4- 4 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1382 | Hig | 0.57 | 8.8 | 0.01 | Mar 7, 2024 | The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and… | ||
| CVE-2025-54046 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Stored XSS.This issue affects Cost Calculator: from n/a through <= 7.4. | ||
| CVE-2023-51403 | Med | 0.42 | 6.5 | 0.00 | Feb 12, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 1.8. | ||
| CVE-2023-1155 | Med | 0.42 | 6.4 | 0.00 | Mar 2, 2023 | The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2026-2506 | Med | 0.40 | 6.1 | 0.00 | Feb 26, 2026 | The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customer_name' data and rendering it in the admin customer list without output escaping. This… | ||
| CVE-2024-5220 | Med | 0.35 | 6.4 | 0.00 | May 25, 2024 | The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-54047 | Med | 0.28 | 4.3 | 0.00 | Jul 16, 2025 | Missing Authorization vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator: from n/a through <= 7.4. | ||
| CVE-2024-37223 | 0.00 | — | 0.00 | Jul 22, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 2.0. | |||
| CVE-2022-27859 | 0.00 | — | 0.01 | Jun 15, 2022 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. |
- risk 0.57cvss 8.8epss 0.01
The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Stored XSS.This issue affects Cost Calculator: from n/a through <= 7.4.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 1.8.
- risk 0.42cvss 6.4epss 0.00
The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- risk 0.40cvss 6.1epss 0.00
The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customer_name' data and rendering it in the admin customer list without output escaping. This…
- risk 0.35cvss 6.4epss 0.00
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in QuanticaLabs Cost Calculator ql-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator: from n/a through <= 7.4.
- CVE-2024-37223Jul 22, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.This issue affects Restaurant Reservations: from n/a through 2.0.
- CVE-2022-27859Jun 15, 2022risk 0.00cvss —epss 0.01
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress.