Lucene search
+L

556 matches found

Packet Storm
Packet Storm
added 2025/03/25 12:0 a.m.256 views

WordPress Iron Security 2.2.3 IP Spoofing

WordPress Iron Security plugin versions 2.2.3 and below suffer from a source IP spoofing vulnerability. Wordpress Plugin Iron Security - IP Spoofing Exploit Author: bRpsd | cyatlive.no Date: March 20, 2025 Product: https://wordpress.org/plugins/iron-security/ Version: 2.2.3 and below CVE : N/A...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2025/03/03 12:0 a.m.6 views

Sea.js 跨站脚本漏洞

Sea.js is a web module loader open-sourced by Sea.js. A security vulnerability exists in Sea.js version 2.2.3, which originates from cross-site scripting and allows remote attackers to execute arbitrary code via the seajs package...

5.4CVSS6.8AI score0.00386EPSS
Exploits1References3
CVE
CVE
added 2025/03/03 12:0 a.m.56 views

CVE-2024-51091

CVE-2024-51091 affects seaw.js (seajs) v2.2.3. The issue is a Cross-Site Scripting vulnerability arising from improper input sanitization in the seajs package, enabling a remote attacker to execute arbitrary code via the vulnerable component. Several connected sources corroborate the vulnerabilit...

5.4CVSS7.4AI score0.00386EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 2:23 a.m.14 views

CVE-2024-24933

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3...

7.1CVSS7.1AI score0.00331EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.6 views

WordPress plugin Mark Posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS8.3AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2024/12/18 4:15 a.m.5 views

CVE-2024-12061

The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

4.3CVSS5.8AI score0.00374EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/14 12:0 a.m.8 views

PT-2024-17201 · WordPress · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin for WordPress versions prior to 2.2.3 Description: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the resumeid parameter due to insufficient escaping on the user-supplied parameter and lack of...

7.5CVSS7.9AI score0.0051EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/12/14 12:0 a.m.8 views

PT-2024-17200 · WordPress · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin versions prior to 2.2.3 Description: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the fieldfor, visibleParent, and id parameters due to insufficient escaping on user-supplied parameters and la...

4.9CVSS7.7AI score0.0046EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/12/14 12:0 a.m.6 views

PT-2024-17204 · WordPress · Wp Job Portal

Name of the Vulnerable Software and Affected Versions: WP Job Portal plugin versions prior to 2.2.3 Description: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the ff parameter of the getFieldsForVisibleCombobox function due to insufficient escaping on the user-supplied...

4.9CVSS7.6AI score0.0046EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.14 views

PT-2024-12245 · Unknown · Wooproductimporter Sharkdropship For Aliexpress Dropship/Affiliate

Name of the Vulnerable Software and Affected Versions: wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate versions through 2.2.3 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control...

6.5CVSS8.6AI score0.00395EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.3 views

WordPress plugin Form Data Collector 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.1CVSS7.5AI score0.00348EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/03 12:0 a.m.6 views

PT-2024-17013 · WordPress · Form Data Collector

Name of the Vulnerable Software and Affected Versions: Form Data Collector plugin for WordPress versions up to and including 2.2.3 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS7.5AI score0.00348EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/11/30 12:0 a.m.6 views

WordPress plugin Znajdz Prace z Praca.Pl 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.5CVSS8AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/30 12:0 a.m.6 views

PT-2024-35885 · Praca.Pl Sp. Z O.O. · Praca.Pl

Name of the Vulnerable Software and Affected Versions: Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl versions n/a through 2.2.3 Description: The issue affects Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl, allowing DOM-Based XSS due to improper neutralization of input during web page generation. This...

6.5CVSS6AI score0.00283EPSS
Exploits0References3
OSV
OSV
added 2024/11/22 2:23 p.m.4 views

OESA-2024-2476 rubygem-sinatra security update

Sinatra is a DSL intended for quickly creating web-applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...

8.8CVSS7AI score0.00642EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.9 views

PT-2024-34926 · Unknown · Bg Patriarchia Bu

Name of the Vulnerable Software and Affected Versions: Bg Patriarchia BU versions n/a through 2.2.3 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. Users are urged to update to t...

6.5CVSS7.1AI score0.00341EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/11/09 2:32 p.m.6 views

gophers (>=0.0.1 <=0.0.2), gupy-framework (>=0.0.1 <=0.5.7) +2 more potentially affected by CVE-2024-21543 via djoser (>=2.0.5 <=2.2.3)

djoser PYPI version =2.0.5, =0.0.1, =0.0.1, =1.3.0, =2023.12.19 Source cves: CVE-2024-21543 Source advisory: SNYK:PYTHON-DJOSER-8366540...

7.1CVSS7AI score0.00558EPSS
Exploits0
OSV
OSV
added 2024/11/08 10:15 p.m.12 views

AZL-52557 CVE-2024-27532 affecting package fluent-bit for versions less than 2.2.3-6

wasm-micro-runtime aka WebAssembly Micro Runtime or WAMR 06df58f is vulnerable to NULL Pointer Dereference in function blocktypegetresulttypes...

7.5CVSS5.7AI score0.00493EPSS
Exploits1References1
OSV
OSV
added 2024/11/08 5:15 p.m.6 views

AZL-53187 CVE-2024-25431 affecting package fluent-bit for versions less than 2.2.3-5

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the checkwasabicompatibility function...

7.8CVSS5.8AI score0.00634EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.6 views

WordPress plugin Custom Twitter Feeds 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.5AI score0.00186EPSS
Exploits0References1
Rows per page
Query Builder