Lucene search
K

5 matches found

Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57396

Name of the Vulnerable Software and Affected Versions SurfLink - Ultimate Link Manager versions prior to 2.6.1 Description Unauthorized data modification is possible due to a missing capability check and missing nonce verification in the ajax import 410 function. While other AJAX handlers in the...

4.3CVSS6.1AI score0.00213EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2024/05/02 5:15 p.m.2 views

CVE-2024-3677

The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.4CVSS5.6AI score0.00465EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.27 views

CVE-2024-3677 Ultimate 410 Gone Status Code <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.4CVSS6AI score0.00465EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/23 2:57 a.m.4 views

WordPress Ultimate 410 Gone Status Code plugin <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin Ultimate 410 Gone Status Code versions = 1.1.4...

6.4CVSS5.9AI score0.00465EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/23 12:0 a.m.14 views

WordPress Ultimate 410 Gone Status Code Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate 410 Gone Status Code Type Plugin Vulnerable versions = 1.1.4 Fixed in 1.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3677 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e6494963676 Credits Krzysztof...

6.4CVSS5.9AI score0.00465EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder