Vulnerabilities in specialk
19 resultsCVE-2019-25138CRITICALUser Submitted Posts <= 20190312 - Unauthenticated Arbitrary File UploadEPSS 2.3%CVE-2025-13677MEDIUMSimple Download Counter <= 2.2.2 - Authenticated (Administrator+) Arbitrary File Read via Path TraversalEPSS 0.4%CVE-2023-5614MEDIUMTheme Switcha <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.4%CVE-2025-1730MEDIUMSimple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File ReadEPSS 0.4%CVE-2024-0979MEDIUMDashboard Widgets Suite <= 3.4.3 - Reflected Cross-Site ScriptingEPSS 0.4%CVE-2023-4308HIGHUser Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content'EPSS 0.4%CVE-2026-2126MEDIUMUser Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' ParameterEPSS 0.3%CVE-2025-10745MEDIUMBanhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism BypassEPSS 0.3%CVE-2024-2956MEDIUMSimple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2023-4779MEDIUMUser Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.3%CVE-2026-4329HIGHBlackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP HeaderEPSS 0.3%CVE-2023-4838MEDIUMThe Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to,EPSS 0.3%CVE-2026-3876HIGHPrismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-ShortcodeEPSS 0.3%CVE-2026-4278MEDIUMSimple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode AttributeEPSS 0.2%CVE-2026-0913MEDIUMUser Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' ShortcodeEPSS 0.2%CVE-2026-0800HIGHUser Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom FieldEPSS 0.2%CVE-2025-2874MEDIUMUser Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-0608MEDIUMHead Meta Data <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post MetaEPSS 0.2%CVE-2026-2987MEDIUMSimple Ajax Chat <= 20260217 - Unauthenticated Stored Cross-Site Scripting via 'c'EPSS 0.2%