Lucene search
K

24 matches found

Nuclei
Nuclei
added 12 hours ago17 views

Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. id: CVE-2020-13125 info...

9.9CVSS6.7AI score0.08565EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-13125

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References2Affected Software1
Circl
Circl
added 3 days ago3 views

CVE-2026-13125

creationtimestamp| type| source ---|---|--- 2026-07-01 16:00:06+00:00| seen| https://infosec.place/objects/dd35b5aa-82ba-4b82-8fbd-5cb1cd216bd5 2026-07-02 03:50:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpn4vo25an2p 2026-07-02 06:36:53+00:00| seen|...

8.8CVSS5.9AI score0.00227EPSS
Exploits0References5
Circl
Circl
added 2025/12/27 5:51 p.m.9 views

CVE-2020-13125

creationtimestamp| type| source ---|---|--- 2025-12-27 17:51:28+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-13125.yaml 2025-12-30 21:02:58+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mbaarl4edw2b 2026-06-19...

7.2CVSS6.8AI score0.02307EPSS
Exploits0References3
Circl
Circl
added 2025/12/10 3:10 p.m.4 views

CVE-2025-13125

creationtimestamp| type| source ---|---|--- 2025-12-10 15:10:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7ndrppizc2x...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:35 a.m.11 views

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

7.8CVSS6.9AI score0.00969EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/15 6:24 a.m.17 views

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS7.8AI score0.00314EPSS
Exploits1References1
Circl
Circl
added 2025/02/13 6:15 a.m.19 views

CVE-2024-13125

creationtimestamp| type| source ---|---|--- 2025-02-13 06:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzzyt6lmq2a 2025-02-13 06:25:18+00:00| seen| https://infosec.exchange/users/cve/statuses/113995148034307983 2025-02-13 07:08:13+00:00| seen|...

3.5CVSS8.7AI score0.00314EPSS
Exploits1References5
OSV
OSV
added 2025/02/13 6:15 a.m.4 views

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.5AI score
Exploits0References1
NVD
NVD
added 2025/02/13 6:15 a.m.26 views

CVE-2024-13125

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00314EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/13 6:0 a.m.8 views

CVE-2024-13125 Everest Forms < 3.0.8.1 - Admin+ Stored XSS

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00314EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/13 6:0 a.m.22 views

CVE-2024-13125 Everest Forms < 3.0.8.1 - Admin+ Stored XSS

The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00314EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:41 p.m.12 views

CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...

9.9CVSS6.4AI score0.08565EPSS
Exploits1
NVD
NVD
added 2020/05/17 1:15 a.m.15 views

CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...

7.2CVSS7.9AI score0.02307EPSS
Exploits0References2
Prion
Prion
added 2020/05/17 1:15 a.m.13 views

Remote code execution

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is...

6.5CVSS7.2AI score0.08565EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/05/17 12:39 a.m.26 views

CVE-2020-13125

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled...

7.2CVSS8AI score0.02307EPSS
Exploits0References2
CVE
CVE
added 2020/05/17 12:39 a.m.164 views

CVE-2020-13125

The CVE-2020-13125 entry concerns the Ultimate Addons for Elementor WordPress plugin (

7.2CVSS7.7AI score0.02307EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/05/17 12:38 a.m.32 views

CVE-2020-13126

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is...

9.9CVSS7.4AI score0.08565EPSS
Exploits1References2
OSV
OSV
added 2019/07/01 2:15 p.m.17 views

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

7.8CVSS6.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2019/07/01 2:15 p.m.3 views

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

7.8CVSS5.5AI score0.00969EPSS
Exploits1References2
Rows per page
Query Builder