Word Security Vulnerabilities
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...
6.5CVSS
6.9AI Score
0.001EPSS
Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through...
6.5CVSS
6.5AI Score
0.0004EPSS
The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the...
5.3CVSS
9.1AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.001EPSS
7.8CVSS
7.7AI Score
0.001EPSS
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a...
6.5CVSS
6.5AI Score
0.001EPSS
7.3CVSS
7.4AI Score
0.001EPSS
7.8CVSS
8.6AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1...
8.8CVSS
8.8AI Score
0.001EPSS
9.6CVSS
9.1AI Score
0.003EPSS
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result...
7.5CVSS
7.3AI Score
0.001EPSS
7.5CVSS
7.6AI Score
0.003EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue...
5.9CVSS
5.5AI Score
0.001EPSS
The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege....
5.4CVSS
5.3AI Score
0.001EPSS
5.5CVSS
5AI Score
0.001EPSS
5.5CVSS
5AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.8CVSS
4.8AI Score
0.001EPSS
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by...
6.5AI Score
0.004EPSS
Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed .doc file containing an embedded image, as demonstrated by word2003forkbomb.doc, related to a "fork bomb"...
6.8AI Score
0.012EPSS
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at...
5.4CVSS
5.4AI Score
0.001EPSS
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at...
4.8CVSS
4.8AI Score
0.001EPSS
5.5CVSS
6.1AI Score
0.001EPSS
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a....
9.8CVSS
9.4AI Score
0.961EPSS
7.8CVSS
7.7AI Score
0.006EPSS
5.5CVSS
5.5AI Score
0.001EPSS
7.8CVSS
8.6AI Score
0.424EPSS
7.8CVSS
7.7AI Score
0.016EPSS
7.8CVSS
7.8AI Score
0.106EPSS
7.8CVSS
7.7AI Score
0.277EPSS
5.5CVSS
6AI Score
0.004EPSS
7.8CVSS
7.7AI Score
0.012EPSS
7.8CVSS
7.7AI Score
0.016EPSS
7.8CVSS
7.7AI Score
0.011EPSS
7.8CVSS
7.7AI Score
0.009EPSS
3.3CVSS
4AI Score
0.001EPSS
A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file...
7CVSS
6.7AI Score
0.001EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...
7.8CVSS
7.7AI Score
0.015EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
8.8CVSS
7.8AI Score
0.135EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
5.5CVSS
5.5AI Score
0.014EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446,...
8.8CVSS
8.8AI Score
0.038EPSS
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
6.1AI Score
0.008EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447,...
8.8CVSS
8.8AI Score
0.038EPSS
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446,...
8.8CVSS
8.8AI Score
0.038EPSS
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from...
5.5CVSS
6AI Score
0.008EPSS
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass...
4.3CVSS
4.6AI Score
0.003EPSS
A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word...
8.8CVSS
8.5AI Score
0.038EPSS