Lucene search
+L

259 matches found

attackerkb
attackerkb
added 2026/01/26 5:42 p.m.8 views

CVE-2020-36955

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS5.8AI score0.00567EPSS
Exploits0References3
cve
cve
added 2026/01/26 5:42 p.m.10 views

CVE-2020-36955

CVE-2020-36955 affects Grav CMS 1.6.30 with Admin Plugin 1.9.18. The issue is a persistent cross-site scripting vulnerability in the page title field that requires an authenticated user. An attacker can create a page whose title contains malicious script, and the script will execute when the page...

6.4CVSS5.8AI score0.00567EPSS
Exploits0References3
cvelist
cvelist
added 2026/01/26 5:42 p.m.36 views

CVE-2020-36955 Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS0.00567EPSS
Exploits0References3
euvd
euvd
added 2026/01/26 5:42 p.m.5 views

EUVD-2020-30847

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS5.8AI score0.00567EPSS
Exploits0References3
nvd
nvd
added 2026/01/17 4:16 a.m.7 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS0.00245EPSS
Exploits0References6
cve
cve
added 2026/01/17 3:24 a.m.22 views

CVE-2026-0682

The CVE-2026-0682 entry describes an authenticated Administrator+ SSRF against WordPress Church Admin plugin (versions up to 5.0.28) due to insufficient validation of the audio_url parameter. An attacker could cause the web app to issue requests to internal services, enabling querying/modificatio...

2.2CVSS5.4AI score0.00245EPSS
Exploits0References6
euvd
euvd
added 2026/01/17 3:24 a.m.12 views

EUVD-2026-3155

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.3AI score0.00245EPSS
Exploits0References7
cvelist
cvelist
added 2026/01/17 3:24 a.m.28 views

CVE-2026-0682 Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS0.00245EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/01/17 3:24 a.m.4 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

2.2CVSS5.6AI score0.00245EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/01/17 12:0 a.m.15 views

PT-2026-3344

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio url' parameter. This makes it possible for authenticated attackers, with Administrator-level access, t...

2.2CVSS5.8AI score0.00245EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/01/13 10:52 p.m.9 views

CVE-2025-14741

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...

9.1CVSS5.5AI score0.00353EPSS
Exploits0References1
patchstack
patchstack
added 2026/01/09 7:2 a.m.10 views

WordPress Frontend Admin by DynamiApps plugin <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability

Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element vulnerability discovered by andrea bocchetti in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.25...

9.1CVSS7AI score0.00353EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/01/09 12:0 a.m.7 views

WordPress plugin WP Table Builder – Drag & Drop Table Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

9.1CVSS6.6AI score0.00353EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/01/09 12:0 a.m.6 views

WordPress plugin Frontend Admin by DynamiApps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS6.3AI score0.00267EPSS
Exploits0References2
githubexploit
githubexploit
added 2025/12/09 10:28 a.m.206 views

Exploit for CVE-2025-13342

CVE-2025-13342 PoC The Frontend Admin by DynamiApps plugin fo...

9.8CVSS6.4AI score0.00464EPSS
Exploits2
nvd
nvd
added 2025/12/08 4:15 p.m.6 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

9.1CVSS0.00637EPSS
Exploits1References1
cvelist
cvelist
added 2025/12/08 12:0 a.m.23 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

0.00637EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/12/08 12:0 a.m.7 views

PT-2025-49559

Name of the Vulnerable Software and Affected Versions Emlog Pro version 2.5.20 Description Emlog Pro 2.5.20 contains a flaw that allows for arbitrary file deletion. This issue is present in the admin/template.php and admin/plugin.php components, which do not properly validate file paths or filter...

9.1CVSS6.9AI score0.00637EPSS
Exploits1References4
cve
cve
added 2025/12/08 12:0 a.m.31 views

CVE-2025-61318

CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...

9.1CVSS7AI score0.00637EPSS
Exploits1References1Affected Software1
euvd
euvd
added 2025/12/08 12:0 a.m.6 views

EUVD-2025-201728

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

5.3CVSS6.8AI score0.00637EPSS
Exploits1References2
Rows per page
Query Builder