Word Security Vulnerabilities
Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through...
6.5CVSS
7.2AI Score
0.0004EPSS
The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the...
5.3CVSS
7.3AI Score
0.0004EPSS
7.8CVSS
8.1AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a...
6.5CVSS
7.2AI Score
0.001EPSS
7.3CVSS
7.3AI Score
0.001EPSS
7.8CVSS
7.9AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1...
8.8CVSS
8.8AI Score
0.001EPSS
9.6CVSS
9.1AI Score
0.004EPSS
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result...
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.002EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...
5.4CVSS
5.5AI Score
0.001EPSS
The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege....
5.4CVSS
5.3AI Score
0.001EPSS
5.5CVSS
6AI Score
0.001EPSS
5.5CVSS
6.1AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.001EPSS
The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.8CVSS
4.7AI Score
0.001EPSS
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at...
5.4CVSS
5.4AI Score
0.001EPSS
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at...
4.8CVSS
4.8AI Score
0.001EPSS
5.5CVSS
5.5AI Score
0.002EPSS
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a....
9.8CVSS
9.4AI Score
0.961EPSS
7.8CVSS
7.8AI Score
0.005EPSS
5.5CVSS
5.5AI Score
0.001EPSS
7.8CVSS
8.2AI Score
0.019EPSS
7.8CVSS
7.6AI Score
0.031EPSS
7.8CVSS
7.8AI Score
0.152EPSS
7.8CVSS
7.8AI Score
0.106EPSS
7.8CVSS
7.7AI Score
0.011EPSS
7.8CVSS
7.7AI Score
0.133EPSS
7.8CVSS
7.7AI Score
0.015EPSS
3.3CVSS
5.6AI Score
0.001EPSS
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file...
7CVSS
8.3AI Score
0.001EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...
7.8CVSS
8.1AI Score
0.019EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
8.8CVSS
6.2AI Score
0.231EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
5.5CVSS
6.2AI Score
0.014EPSS
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
6.1AI Score
0.014EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447,...
8.8CVSS
8.8AI Score
0.038EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446,...
8.8CVSS
8.8AI Score
0.038EPSS
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
6.1AI Score
0.002EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446,...
8.8CVSS
8.8AI Score
0.038EPSS
A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word...
8.8CVSS
8.6AI Score
0.038EPSS
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass...
4.3CVSS
4.6AI Score
0.003EPSS
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from...
8.8CVSS
8.5AI Score
0.038EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution...
7.8CVSS
8.1AI Score
0.011EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852,...
7.8CVSS
8AI Score
0.014EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855,...
8.8CVSS
8AI Score
0.047EPSS
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service...
6.5CVSS
6.2AI Score
0.003EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from...
7.8CVSS
7.9AI Score
0.014EPSS