Lucene search
K

11 matches found

Patchstack
Patchstack
added 2025/11/03 10:23 p.m.9 views

WordPress List category posts plugin <= 0.92.0 - Authenticated (Contributor+) Information Exposure vulnerability

Authenticated Contributor+ Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin List category posts versions = 0.92.0...

4.3CVSS6.7AI score0.00207EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 a.m.11 views

CVE-2019-11377

wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fmgettextexts function...

8.8CVSS6.8AI score0.0175EPSS
Exploits1References1
Circl
Circl
added 2025/01/07 4:38 a.m.8 views

CVE-2024-11377

creationtimestamp| type| source ---|---|--- 2025-01-07 04:38:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/316 2025-01-07 05:15:44+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vf5hyou22...

6.1CVSS8.7AI score0.00468EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/07 4:22 a.m.18 views

CVE-2024-11377 Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting

The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00468EPSS
Exploits0References7
CVE
CVE
added 2025/01/07 4:22 a.m.44 views

CVE-2024-11377

CVE-2024-11377 is a Reflected Cross‑Site Scripting vulnerability in the WordPress plugin Automate Hub Free by Sperse.IO. It affects all versions up to 1.7.0 and arises from insufficient input sanitization and output escaping in the id parameter, enabling unauthenticated attackers to inject script...

6.1CVSS6AI score0.00468EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/01/07 4:22 a.m.5 views

CVE-2024-11377 Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting

The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00468EPSS
Exploits0References7
Cvelist
Cvelist
added 2021/12/20 10:45 p.m.13 views

CVE-2020-11377

...

Exploits0
CVE
CVE
added 2021/12/20 10:45 p.m.33 views

CVE-2020-11377

CVE-2020-11377 is rejected/not used.

6.7AI score
Exploits0
Cvelist
Cvelist
added 2019/04/20 2:36 p.m.23 views

CVE-2019-11377

wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fmgettextexts function...

8.6AI score0.0175EPSS
Exploits1References2
CVE
CVE
added 2019/04/20 2:36 p.m.41 views

CVE-2019-11377

CVE-2019-11377 affects WCMS v0.3.2: wcms/wex/finder/action.php is vulnerable to Arbitrary File Upload via developer/finder because .php is allowed by fm_get_text_exts. Root cause: PHP extension allowed for uploads. Impact details are provided in the connected records, with CVSS2/3 metrics (6.5/8....

8.8CVSS8.5AI score0.0175EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/05/22 7:0 p.m.59 views

CVE-2018-11377

The CVE-2018-11377 issue affects radare2 (v2.5.0) where the avr_op_analyze() function can be exploited by a crafted binary to trigger a heap-based out-of-bounds read and crash the application, i.e., a remote denial of service. This denial of service is described in multiple sources (NVD/Nessus/OS...

5.5CVSS5.4AI score0.01437EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder