Lucene search
K

1368 matches found

CNNVD
CNNVD
added 2026/01/08 12:0 a.m.4 views

WordPress plugin Optimize 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.1CVSS6.7AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.6 views

CVE-2025-14904

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...

4.3CVSS0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.12 views

PT-2026-1573

Name of the Vulnerable Software and Affected Versions Newsletter Email Subscribe plugin for WordPress versions up to and including 2.4 Description The Newsletter Email Subscribe plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of improper nonce validation within...

4.3CVSS6AI score0.00102EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

WordPress plugin AD Sliding FAQ 跨站脚本漏洞

...

6.4CVSS6.7AI score0.00279EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/06 11:45 a.m.4 views

WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Optimize versions 2.4...

8.1CVSS7AI score0.00434EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/01/05 10:11 a.m.4 views

RHSA-2026:0010 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

7.5CVSS6.6AI score0.01527EPSS
Exploits0References12
Cvelist
Cvelist
added 2025/12/30 10:47 a.m.31 views

CVE-2025-68987 WordPress Cinerama theme <= 2.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion.This issue affects Cinerama: from n/a through = 2.9...

7.5CVSS0.00384EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.7 views

PT-2025-53876

Name of the Vulnerable Software and Affected Versions Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers versions through 2.4 Description The software contains a PHP Local File Inclusion issue due to improper control of filename for include/require statements. This allows f...

9.8CVSS6.5AI score0.00384EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/25 12:0 a.m.28 views

Oracle Linux 8 : httpd:2.4 (ELSA-2025-23732)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23732 advisory. - Resolves: RHEL-135054 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135039 - http...

9.8CVSS7.5AI score0.99999EPSS
Exploits30References5
EUVD
EUVD
added 2025/12/23 12:30 a.m.10 views

EUVD-2023-60233

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

8.8CVSS7.1AI score0.00409EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/22 9:35 p.m.6 views

CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

8.8CVSS7.2AI score0.00409EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/22 9:35 p.m.22 views

CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

8.8CVSS0.00409EPSS
Exploits1References3
OSV
OSV
added 2025/12/22 10:2 a.m.7 views

RHSA-2025:23732 Red Hat Security Advisory: httpd:2.4 security update

Bulletin has no description...

7.5CVSS6.9AI score0.01527EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.5 views

CVE-2021-47701

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

8.8CVSS7.1AI score0.0042EPSS
Exploits2References1
NVD
NVD
added 2025/12/09 9:15 p.m.6 views

CVE-2021-47718

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...

8.7CVSS0.00478EPSS
Exploits2References4
OSV
OSV
added 2025/12/09 9:15 p.m.6 views

CVE-2021-47703

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...

7.2CVSS5.9AI score0.00281EPSS
Exploits2References4
NVD
NVD
added 2025/12/09 9:15 p.m.6 views

CVE-2021-47703

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...

7.2CVSS0.00281EPSS
Exploits2References4
NVD
NVD
added 2025/12/09 9:15 p.m.3 views

CVE-2021-47704

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obixtest.php with malicious 'id' values to extract database information...

8.7CVSS0.00356EPSS
Exploits2References4
NVD
NVD
added 2025/12/09 9:15 p.m.8 views

CVE-2021-47702

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

5.3CVSS0.00165EPSS
Exploits2References4
NVD
NVD
added 2025/12/09 9:15 p.m.4 views

CVE-2021-47701

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

8.8CVSS0.0042EPSS
Exploits2References3
Rows per page
Query Builder