Lucene search
K

84032 matches found

Nuclei
Nuclei
added 12 hours ago82 views

WordPress JSmol2WP <=1.07 - Local File Inclusion

WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context...

7.5CVSS6.9AI score0.13078EPSS
Exploits4References5
Nuclei
Nuclei
added 12 hours ago42 views

WordPress PhastPress <1.111 - Open Redirect

WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-24210 info: name: WordPress PhastPress 1.111 - Open...

6.1CVSS6.3AI score0.03066EPSS
Exploits2References5
Nuclei
Nuclei
added 12 hours ago12 views

Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

5.3CVSS5.9AI score0.00843EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago8 views

Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting

Social Auto Poster plugin for WordPress versions up to 5.3.14 contains a stored cross-site scripting caused by insufficient sanitization and escaping of 'mapTypes' parameter in the 'wpwautopostermapwordpressposttype' AJAX function, letting unauthenticated attackers inject and execute arbitrary...

7.2CVSS6AI score0.00829EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago10 views

YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. id: CVE-2024-4455 info...

7.2CVSS5.9AI score0.0101EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago38 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS6AI score0.01317EPSS
Exploits0References2
Nuclei
Nuclei
added 12 hours ago12 views

CRM Perks Forms <= 1.1.4 - SQL Injection

CRM Perks CRM Perks Forms affected versions 1.1.4 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2024-30498 info: name: CRM Perks Forms ...

10CVSS7.4AI score0.02267EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago28 views

WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting

The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6.1AI score0.0063EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago12 views

Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS7.1AI score0.00532EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago7 views

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

9.8CVSS5.9AI score0.02994EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago31 views

WPZOOM Social Icons Widget <= 4.2.15 - Missing Authorization

WPZOOM Social Icons Widget & Block versions up to 4.2.15 contain a missing authorization vulnerability caused by insufficient access control in the widget and block, letting attackers perform unauthorized actions, exploit requires no special conditions. id: CVE-2024-30464 info: name: WPZOOM Socia...

8.8CVSS7.1AI score0.01517EPSS
Exploits0References1
Nuclei
Nuclei
added 12 hours ago19 views

WordPress Email Newsletter - Reflected XSS

WordPress Email Newsletter plugin through 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to cra...

5.4CVSS7.1AI score0.00688EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago10 views

Tutor LMS <= 2.1.10 - SQL Injection

Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...

8.8CVSS7.4AI score0.03135EPSS
Exploits0References3
Nuclei
Nuclei
added 12 hours ago10 views

WP MediaTagger <= 4.1.1 - Cross-Site Scripting

WP MediaTagger WordPress plugin = 4.1.1 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires user interaction or victim to visit a malicious link. id:...

6.1CVSS7.1AI score0.00577EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago10 views

Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...

6.1CVSS5.9AI score0.00521EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago11 views

Guten Free Options - Cross Site Scripting

Guten Free Options WordPress plugin = 0.9.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click malicious link. id: CVE-2024-13492 info: name: Guten Free...

6.1CVSS7.1AI score0.00568EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago11 views

Zarinpal Paid Download - Reflected XSS

Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...

6.1CVSS7.1AI score0.00564EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago6 views

WP Extended < 3.0.0 - Stored Cross-Site Scripting

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.1CVSS6.1AI score0.0063EPSS
Exploits0References4
Nuclei
Nuclei
added 12 hours ago19 views

Formidable Forms < 2.05.02 - Cross-Site Scripting

Formidable Form Builder for WordPress versions before 2.05.03 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in form parameters like 'afterhtml', letting unauthenticated attackers inject and execute arbitrary scripts in victims' browsers id:...

8.3CVSS6AI score0.00999EPSS
Exploits2References3
Nuclei
Nuclei
added 12 hours ago13 views

SendGrid for WordPress <= 1.4 - SQL Injection

Smackcoders SendGrid for WordPress affected versions 1.4 and below contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2024-43965 info: name: SendGrid for...

9.8CVSS6.2AI score0.0188EPSS
Exploits1References2
Rows per page
Query Builder