Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13887 | 2 Wisdmlabs, Wordpress | 2 Ai Botkit, Wordpress | 2026-01-08 | 6.4 Medium |
| The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the `ai_botkit_widget` shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3964 | 1 Wisdmlabs | 1 Product Enquiry For Woocommerce | 2025-05-13 | 5.9 Medium |
| The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2025-24593 | 1 Wisdmlabs | 1 Edwiser Bridge | 2025-02-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8. | ||||
| CVE-2024-31260 | 1 Wisdmlabs | 1 Edwiser Bridge | 2025-02-07 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2. | ||||
Page 1 of 1.