Scriptsbundle
Products
5- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54686 | Cri | 0.64 | 9.8 | 0.00 | Aug 14, 2025 | Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection.This issue affects Exertio: from n/a through <= 1.3.2. | ||
| CVE-2025-49402 | Hig | 0.55 | 8.5 | 0.00 | Aug 28, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3. | ||
| CVE-2024-13373 | Hig | 0.53 | 8.1 | 0.00 | Mar 1, 2025 | The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the… | ||
| CVE-2025-69317 | Hig | 0.46 | 7.1 | 0.00 | Jan 22, 2026 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6. | ||
| CVE-2025-58259 | Hig | 0.46 | 7.1 | 0.00 | Sep 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery.This issue affects Nokri: from n/a through <= 1.6.4. | ||
| CVE-2024-12860 | 0.00 | — | 0.00 | Feb 18, 2025 | The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This… | |||
| CVE-2025-0169 | 0.00 | — | 0.00 | Feb 8, 2025 | The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated… |
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection.This issue affects Exertio: from n/a through <= 1.3.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scriptsbundle Exertio Framework exertio-framework allows Blind SQL Injection.This issue affects Exertio Framework: from n/a through <= 1.3.3.
- risk 0.53cvss 8.1epss 0.00
The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6.
- risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery.This issue affects Nokri: from n/a through <= 1.6.4.
- CVE-2024-12860Feb 18, 2025risk 0.00cvss —epss 0.00
The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This…
- CVE-2025-0169Feb 8, 2025risk 0.00cvss —epss 0.00
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…