Lucene search

K

Ibtana – WordPress Website Builder Security Vulnerabilities

cvelist
cvelist

CVE-2024-2122 FooGallery <= 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS

0.0004EPSS

2024-06-14 05:39 AM
2
cvelist
cvelist

CVE-2024-5551 WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...

7.5CVSS

0.001EPSS

2024-06-14 05:39 AM
2
vulnrichment
vulnrichment

CVE-2024-5551 WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-14 05:39 AM
cvelist
cvelist

CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 05:37 AM
3
vulnrichment
vulnrichment

CVE-2024-23504 WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-14 05:37 AM
vulnrichment
vulnrichment

CVE-2023-51497 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

6.9AI Score

0.0004EPSS

2024-06-14 05:33 AM
cvelist
cvelist

CVE-2023-51497 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-14 05:33 AM
3
openbugbounty
openbugbounty

apps.rhs.org.uk Cross Site Scripting vulnerability OBB-3934997

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 05:26 AM
2
openbugbounty
openbugbounty

rock.geosociety.org Cross Site Scripting vulnerability OBB-3934996

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 05:16 AM
3
nvd
nvd

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...

9.8CVSS

0.001EPSS

2024-06-14 05:15 AM
7
cve
cve

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-14 05:15 AM
14
cve
cve

CVE-2024-1094

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

7AI Score

0.0005EPSS

2024-06-14 05:15 AM
13
nvd
nvd

CVE-2024-1094

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

0.0005EPSS

2024-06-14 05:15 AM
1
cvelist
cvelist

CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...

9.8CVSS

0.001EPSS

2024-06-14 04:36 AM
4
vulnrichment
vulnrichment

CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to...

9.8CVSS

7.5AI Score

0.001EPSS

2024-06-14 04:36 AM
vulnrichment
vulnrichment

CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

7AI Score

0.0005EPSS

2024-06-14 04:36 AM
cvelist
cvelist

CVE-2024-1094 Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it...

7.3CVSS

0.0005EPSS

2024-06-14 04:36 AM
4
nvd
nvd

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 04:15 AM
3
cve
cve

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-14 04:15 AM
9
cve
cve

CVE-2023-6492

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....

4.3CVSS

4.3AI Score

0.0005EPSS

2024-06-14 04:15 AM
9
cve
cve

CVE-2024-0892

The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...

4.3CVSS

4.3AI Score

0.0005EPSS

2024-06-14 04:15 AM
9
nvd
nvd

CVE-2024-0892

The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...

4.3CVSS

0.0005EPSS

2024-06-14 04:15 AM
1
nvd
nvd

CVE-2023-6492

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....

4.3CVSS

0.0005EPSS

2024-06-14 04:15 AM
cvelist
cvelist

CVE-2024-31161 ASUS Download Master - Arbitrary File Upload

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 03:53 AM
cvelist
cvelist

CVE-2023-6492 Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices

The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible.....

4.3CVSS

0.0005EPSS

2024-06-14 03:35 AM
2
vulnrichment
vulnrichment

CVE-2024-0892 Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery

The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...

4.3CVSS

4.2AI Score

0.0005EPSS

2024-06-14 03:35 AM
cvelist
cvelist

CVE-2024-0892 Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery

The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete...

4.3CVSS

0.0005EPSS

2024-06-14 03:35 AM
2
cve
cve

CVE-2023-51507

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-14 02:15 AM
24
cve
cve

CVE-2023-51516

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-14 02:15 AM
25
nvd
nvd

CVE-2023-51507

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 02:15 AM
3
nvd
nvd

CVE-2023-51516

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-14 02:15 AM
3
cve
cve

CVE-2023-51523

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-14 02:15 AM
33
nvd
nvd

CVE-2023-51523

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-14 02:15 AM
3
githubexploit
githubexploit

Exploit for CVE-2024-23692

Rejetto HFS (HTTP File Server) CVE-2024-23692 Vulnerability...

9.8CVSS

10AI Score

0.002EPSS

2024-06-14 01:33 AM
65
cvelist
cvelist

CVE-2023-51507 WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 01:01 AM
1
cvelist
cvelist

CVE-2023-51516 WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-14 12:58 AM
1
vulnrichment
vulnrichment

CVE-2023-51516 WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-14 12:58 AM
vulnrichment
vulnrichment

CVE-2023-51523 WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-14 12:56 AM
cvelist
cvelist

CVE-2023-51523 WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-14 12:56 AM
2
nvd
nvd

CVE-2023-37394

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

5.3CVSS

0.0004EPSS

2024-06-14 12:15 AM
3
cve
cve

CVE-2023-37394

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-14 12:15 AM
15
cve
cve

CVE-2023-36695

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-14 12:15 AM
15
nvd
nvd

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-14 12:15 AM
2
cve
cve

CVE-2023-35045

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-14 12:15 AM
15
nvd
nvd

CVE-2023-36694

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

6.3CVSS

0.0004EPSS

2024-06-14 12:15 AM
3
nvd
nvd

CVE-2023-35045

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-14 12:15 AM
1
nvd
nvd

CVE-2023-36695

Missing Authorization vulnerability in Maxime Schoeni Sublanguage.This issue affects Sublanguage: from n/a through...

5.4CVSS

0.0004EPSS

2024-06-14 12:15 AM
4
cve
cve

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 12:15 AM
13
cve
cve

CVE-2023-36694

Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-06-14 12:15 AM
16
nvd
nvd

CVE-2023-29174

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-14 12:15 AM
3
Total number of security vulnerabilities1406598