Lucene search

K

Event Calendar – Calendar (WordPress Plugin) Security Vulnerabilities

cvelist
cvelist

CVE-2024-35781 WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-21 04:04 PM
2
cvelist
cvelist

CVE-2024-35778 WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-21 04:02 PM
3
cvelist
cvelist

CVE-2024-35767 WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through...

9.1CVSS

0.0004EPSS

2024-06-21 04:00 PM
7
cvelist
cvelist

CVE-2023-38389 WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through...

9.8CVSS

0.0004EPSS

2024-06-21 03:58 PM
3
cvelist
cvelist

CVE-2022-44593 WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...

3.7CVSS

0.0004EPSS

2024-06-21 03:56 PM
2
cvelist
cvelist

CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-21 03:54 PM
3
cvelist
cvelist

CVE-2022-38055 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 03:52 PM
1
vulnrichment
vulnrichment

CVE-2022-38055 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-06-21 03:52 PM
osv
osv

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

7AI Score

0.0004EPSS

2024-06-21 03:15 PM
1
nvd
nvd

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

0.0004EPSS

2024-06-21 03:15 PM
cve
cve

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

7.3AI Score

0.0004EPSS

2024-06-21 03:15 PM
13
cvelist
cvelist

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

0.0004EPSS

2024-06-21 02:28 PM
4
vulnrichment
vulnrichment

CVE-2023-45197

The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in...

7AI Score

0.0004EPSS

2024-06-21 02:28 PM
1
cve
cve

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-21 02:15 PM
13
cve
cve

CVE-2024-37230

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through...

4.3CVSS

4.6AI Score

0.0004EPSS

2024-06-21 02:15 PM
15
nvd
nvd

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 02:15 PM
3
nvd
nvd

CVE-2024-37230

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 02:15 PM
nvd
nvd

CVE-2024-37118

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-21 02:15 PM
3
cve
cve

CVE-2024-37198

Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-21 02:15 PM
14
cve
cve

CVE-2024-37118

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-21 02:15 PM
14
cve
cve

CVE-2024-37212

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

8.3CVSS

8.3AI Score

0.0004EPSS

2024-06-21 02:15 PM
13
nvd
nvd

CVE-2024-37198

Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 02:15 PM
nvd
nvd

CVE-2024-37212

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

8.3CVSS

0.0004EPSS

2024-06-21 02:15 PM
2
cve
cve

CVE-2023-51375

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-21 02:15 PM
16
nvd
nvd

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-21 02:15 PM
2
nvd
nvd

CVE-2023-51375

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 02:15 PM
1
cve
cve

CVE-2022-45803

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-21 02:15 PM
14
cve
cve

CVE-2022-43453

Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-21 02:15 PM
12
nvd
nvd

CVE-2022-43453

Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-21 02:15 PM
2
cvelist
cvelist

CVE-2024-37118 WordPress Uncanny Automator Pro plugin <= 5.3 - Cross Site Request Forgery (CSRF) Leading to License Settings Reset vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.This issue affects Uncanny Automator Pro: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-21 01:47 PM
3
cvelist
cvelist

CVE-2024-37198 WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:46 PM
4
cvelist
cvelist

CVE-2024-37212 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.This issue affects Ali2Woo Lite: from n/a through...

8.3CVSS

0.0004EPSS

2024-06-21 01:45 PM
4
cvelist
cvelist

CVE-2024-37227 WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:40 PM
2
cvelist
cvelist

CVE-2024-37230 WordPress Book Landing Page theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:38 PM
2
cvelist
cvelist

CVE-2023-51375 WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:37 PM
3
cvelist
cvelist

CVE-2022-45803 WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-21 01:35 PM
2
vulnrichment
vulnrichment

CVE-2022-45803 WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms.This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through...

6.5CVSS

6.9AI Score

0.0004EPSS

2024-06-21 01:35 PM
cvelist
cvelist

CVE-2022-43453 WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Bill Minozzi WP Tools.This issue affects WP Tools: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-21 01:33 PM
3
nvd
nvd

CVE-2024-35776

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-21 01:15 PM
5
cve
cve

CVE-2024-35772

Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through...

4.3CVSS

4.6AI Score

0.0004EPSS

2024-06-21 01:15 PM
14
nvd
nvd

CVE-2024-35772

Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:15 PM
4
cve
cve

CVE-2024-5059

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-21 01:15 PM
15
nvd
nvd

CVE-2024-5059

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-21 01:15 PM
4
cve
cve

CVE-2024-35776

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through...

5.3CVSS

5.2AI Score

0.0004EPSS

2024-06-21 01:15 PM
14
nvd
nvd

CVE-2024-35770

Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:15 PM
5
cve
cve

CVE-2024-35768

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through...

5.9CVSS

5.8AI Score

0.0004EPSS

2024-06-21 01:15 PM
16
cve
cve

CVE-2024-35766

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-21 01:15 PM
13
nvd
nvd

CVE-2024-35771

Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-21 01:15 PM
3
cve
cve

CVE-2024-35771

Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through...

4.3CVSS

4.6AI Score

0.0004EPSS

2024-06-21 01:15 PM
14
nvd
nvd

CVE-2024-35766

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through...

7.1CVSS

0.0004EPSS

2024-06-21 01:15 PM
2
Total number of security vulnerabilities271180