Lucene search

K

ARI Fancy Lightbox – WordPress Popup Security Vulnerabilities

cve
cve

CVE-2023-25799

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through...

8.3CVSS

8.3AI Score

0.0004EPSS

2024-06-11 10:15 AM
26
cvelist
cvelist

CVE-2024-5584 WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-11 09:32 AM
3
vulnrichment
vulnrichment

CVE-2024-5584 WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-11 09:32 AM
vulnrichment
vulnrichment

CVE-2024-34824 WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-11 09:27 AM
cvelist
cvelist

CVE-2024-34824 WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 09:27 AM
2
cvelist
cvelist

CVE-2023-52217 WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 09:26 AM
1
vulnrichment
vulnrichment

CVE-2023-52217 WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-11 09:26 AM
cvelist
cvelist

CVE-2024-24704 WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-11 09:25 AM
2
vulnrichment
vulnrichment

CVE-2024-24704 WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through...

5.4CVSS

6.9AI Score

0.0004EPSS

2024-06-11 09:25 AM
vulnrichment
vulnrichment

CVE-2023-52186 WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-11 09:23 AM
1
cvelist
cvelist

CVE-2023-52186 WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-11 09:23 AM
1
vulnrichment
vulnrichment

CVE-2024-35692 WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-11 09:21 AM
cvelist
cvelist

CVE-2024-35692 WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-11 09:21 AM
3
cvelist
cvelist

CVE-2024-35716 WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-11 09:19 AM
2
vulnrichment
vulnrichment

CVE-2024-35716 WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through...

6.5CVSS

7AI Score

0.0004EPSS

2024-06-11 09:19 AM
cvelist
cvelist

CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-11 09:17 AM
1
vulnrichment
vulnrichment

CVE-2023-33922 WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-06-11 09:17 AM
1
vulnrichment
vulnrichment

CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability

Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-11 09:16 AM
2
cvelist
cvelist

CVE-2023-28775 WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability

Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-11 09:16 AM
4
nvd
nvd

CVE-2024-5531

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS

0.0004EPSS

2024-06-11 09:15 AM
2
cve
cve

CVE-2024-5531

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-11 09:15 AM
22
cvelist
cvelist

CVE-2023-25799 WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities

Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through...

8.3CVSS

0.0004EPSS

2024-06-11 09:15 AM
2
vulnrichment
vulnrichment

CVE-2024-5531 Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-11 08:32 AM
cvelist
cvelist

CVE-2024-5531 Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS

0.0004EPSS

2024-06-11 08:32 AM
2
cve
cve

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-11 08:15 AM
22
nvd
nvd

CVE-2024-4266

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

0.001EPSS

2024-06-11 08:15 AM
3
cvelist
cvelist

CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

0.001EPSS

2024-06-11 07:32 AM
1
vulnrichment
vulnrichment

CVE-2024-4266 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as...

5.3CVSS

6.8AI Score

0.001EPSS

2024-06-11 07:32 AM
nvd
nvd

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

0.001EPSS

2024-06-11 07:15 AM
3
cve
cve

CVE-2024-3549

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

9.5AI Score

0.001EPSS

2024-06-11 07:15 AM
29
cvelist
cvelist

CVE-2024-3549 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL....

9.9CVSS

0.001EPSS

2024-06-11 06:44 AM
3
nvd
nvd

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

5.3CVSS

0.0005EPSS

2024-06-11 06:15 AM
2
cve
cve

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-06-11 06:15 AM
24
nvd
nvd

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

0.0005EPSS

2024-06-11 06:15 AM
2
cve
cve

CVE-2024-3723

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

5.2AI Score

0.0005EPSS

2024-06-11 06:15 AM
22
cvelist
cvelist

CVE-2024-3723 Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this....

5.3CVSS

0.0005EPSS

2024-06-11 05:33 AM
1
cvelist
cvelist

CVE-2024-4319 Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

5.3CVSS

0.0005EPSS

2024-06-11 05:33 AM
2
vulnrichment
vulnrichment

CVE-2024-4319 Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....

5.3CVSS

6.8AI Score

0.0005EPSS

2024-06-11 05:33 AM
cve
cve

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

5.7AI Score

0.001EPSS

2024-06-11 05:15 AM
24
nvd
nvd

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

0.001EPSS

2024-06-11 05:15 AM
2
vulnrichment
vulnrichment

CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-11 04:32 AM
cvelist
cvelist

CVE-2024-5530 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to...

6.4CVSS

0.001EPSS

2024-06-11 04:32 AM
1
nvd
nvd

CVE-2023-7264

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset...

8.1CVSS

0.001EPSS

2024-06-11 04:15 AM
1
cve
cve

CVE-2023-7264

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset...

8.1CVSS

8.1AI Score

0.001EPSS

2024-06-11 04:15 AM
25
vulnrichment
vulnrichment

CVE-2023-7264 Build App Online <= 1.0.21 - Account Takeover via Weak Password Reset Mechanism

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset...

8.1CVSS

7.2AI Score

0.001EPSS

2024-06-11 03:16 AM
cvelist
cvelist

CVE-2023-7264 Build App Online <= 1.0.21 - Account Takeover via Weak Password Reset Mechanism

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset...

8.1CVSS

0.001EPSS

2024-06-11 03:16 AM
2
cve
cve

CVE-2024-5090

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-11 03:15 AM
23
nvd
nvd

CVE-2024-5090

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-11 03:15 AM
1
nvd
nvd

CVE-2024-2473

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS

0.0005EPSS

2024-06-11 03:15 AM
2
cve
cve

CVE-2024-2473

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-11 03:15 AM
22
Total number of security vulnerabilities95578