Lucene search
+L

370 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.8 views

CVE-2023-27600

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the deletesdpline function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP...

7.5CVSS6.8AI score0.0099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.14 views

CVE-2021-24512

The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross site scripting XSS vulnerability in one of the administrative functions for handling deletion of videos...

5.4CVSS5.6AI score0.0062EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 a.m.7 views

CVE-2018-18529

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...

9.8CVSS8.1AI score0.01202EPSS
Exploits1References1
CVE
CVE
added 2025/04/16 12:45 p.m.40 views

CVE-2025-39529

CVE-2025-39529 affects the WordPress plugin Scriptless Social Sharing. A stored XSS exists due to improper input neutralization during web page generation, impacting versions up to 3.2.4. Public advisories confirm the vulnerability and indicate a patch is available in version 3.3.0 (and later). C...

6.5CVSS7.2AI score0.00308EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/03 1:2 p.m.19 views

API Platform Core can leak exceptions message that may contain sensitive information

Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions then we did previously introduced at...

5.3CVSS7.2AI score0.00357EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/04/03 1:2 p.m.13 views

GHSA-RFW5-CQJJ-7V9R API Platform Core can leak exceptions message that may contain sensitive information

Summary Exception messages, that are not HTTP exceptions, are visible in the JSON error response. Details While we wanted to make our errors compatible with the JSON Problem specification, we ended up handling more exceptions then we did previously introduced at...

5.3CVSS7.2AI score0.00357EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/25 12:0 a.m.10 views

PT-2025-7874 · Wpchill · Strong Testimonials

Name of the Vulnerable Software and Affected Versions: Strong Testimonials versions prior to 3.2.4 Description: A Missing Authorization issue in WP Chill Strong Testimonials allows accessing functionality not properly constrained by ACLs. Recommendations: For versions prior to 3.2.4, update to...

5.3CVSS9.6AI score0.00354EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/21 11:24 a.m.12 views

CVE-2024-13479

The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS7.5AI score0.00736EPSS
Exploits1References1
NVD
NVD
added 2025/02/19 12:15 p.m.11 views

CVE-2024-13479

The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS0.00736EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/19 11:10 a.m.16 views

CVE-2024-13479 LTL Freight Quotes – SEFL Edition <= 3.2.4 - Unauthenticated SQL Injection

The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropshipeditid' and 'editid' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS0.00736EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/02/19 12:2 a.m.5 views

WordPress LTL Freight Quotes – SEFL Edition plugin <= 3.2.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin LTL Freight Quotes – SEFL Edition versions = 3.2.4...

7.5CVSS8.1AI score0.00736EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/19 12:0 a.m.3 views

WordPress plugin LTL Freight Quotes SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

7.5CVSS9.2AI score0.00736EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/04 11:42 p.m.7 views

CVE-2024-22303

Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4...

8.8CVSS6.9AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.5 views

WordPress plugin MooWoodle 日志信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A log information...

7.5CVSS6.1AI score0.00517EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/31 8:24 a.m.10 views

CVE-2025-24609 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through = 3.2.4...

7.1CVSS7.2AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/31 8:24 a.m.24 views

CVE-2025-24609 WordPress PORTONE 우커머스 결제 Plugin <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PORTONE PORTONE 우커머스 결제 iamport-for-woocommerce allows Reflected XSS.This issue affects PORTONE 우커머스 결제: from n/a through = 3.2.4...

7.1CVSS0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.6 views

PT-2025-5444 · Portone · Portone Portone 우커머스 결제

Name of the Vulnerable Software and Affected Versions: PortOne PORTONE 우커머스 결제 versions 3.2.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers ...

7.1CVSS9.3AI score0.0022EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.4 views

WordPress plugin PORTONE 우커머스 결제 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.1CVSS7.6AI score0.0022EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/01/28 4:44 a.m.3 views

WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting

Overview WordPress Plugin "Simple Image Sizes" provided by Rahe contains a stored cross-site scripting vulnerability CWE-79. Ibuki Sato of Nippon Engineering College of Hachioji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

4.8CVSS6AI score0.00262EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.5 views

WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin Popup Box versions = 3.2.4...

5.4CVSS7AI score0.00199EPSS
Exploits0Affected Software1
Rows per page
Query Builder