
241 matches found

CNNVD · added 2021/11/08 12:00 a.m. · 5 views

WordPress plugin WP Survey Plus cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. An access control error vulnerability in WordPress...

CVSS 4.3 · AI score 5.8 · EPSS 0.00435
Exploits: 2 · References: 2
OSV · added 2021/11/01 9:15 p.m. · 4 views

CVE-2021-39333

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

CVSS 8.1 · AI score 5.9 · EPSS 0.01016
Exploits: 1 · References: 1
CNNVD · added 2021/10/11 12:00 a.m. · 7 views

WordPress code issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is a plugin used to completely uninstall WordPress. A code issue exists in the WordPress plugin due to a missin...

CVSS 8.8 · AI score 7.8 · EPSS 0.01652
Exploits: 2 · References: 6
OSV · added 2021/09/27 4:15 p.m. · 4 views

CVE-2021-24652

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged-in user to perform some AJAX-based requests, allowing any user to modify, delete or add ultpoptions values...

CVSS 6.5 · AI score 5.8 · EPSS 0.00693
Exploits: 1 · References: 1
CNNVD · added 2021/09/20 12:00 a.m. · 3 views

WordPress plugin OMGF access control error vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the OMGF...

CVSS 8.1 · AI score 7.9 · EPSS 0.00883
Exploits: 2 · References: 2
BDU FSTEC · added 2021/08/25 12:00 a.m. · 6 views

Vulnerabilities in the AJAX-based functions motor_load_more(), motor_gallery_load_more(), motor_quick_view(), and motor_project_quick_view() in the “Motor – Cars, Parts, Service, Equipments and Accessories” theme. This theme is part of the WooCommerce store and uses the WordPress content management system. These vulnerabilities allow an attacker to execute arbitrary PHP code or gain unauthorized access to protected information.

The vulnerability of implementations based on the AJAX technology—motor_load_more, motor_gallery_load_more, motor_quick_view, and motor_project_quick_view—in the “Motor: Cars, Parts, Service, Equipment, and Accessories” theme. This vulnerability is related to shortcomings in path name restrictions for the...

CVSS 9.8 · AI score 8.2 · EPSS 0.02633
Exploits: 2 · References: 5 · Affected Software: 1
CNNVD · added 2021/08/23 12:00 a.m. · 3 views

WordPress plugin Email Subscriber cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

CVSS 6.1 · AI score 5.9 · EPSS 0.01344
Exploits: 2 · References: 2
OSV · added 2021/06/14 2:15 p.m. · 4 views

CVE-2021-24355

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the...

CVSS 4.3 · AI score 5.8 · EPSS 0.0072
Exploits: 2 · References: 2
CNVD · added 2021/01/06 12:00 a.m. · 3 views

WordPress Newsletter plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Newsletter plugin versions prior to 6.8.2 allows...

CVSS 6.5 · AI score 6.1 · EPSS 0.00854
Exploits: 1 · References: 1
OSV · added 2020/05/29 4:15 p.m. · 4 views

CVE-2020-12675

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...

CVSS 8.8 · AI score 7.4 · EPSS 0.02842
Exploits: 0 · References: 2
OSV · added 2020/04/23 3:15 a.m. · 5 views

CVE-2020-12077

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces or capability checks, leading to remote code execution...

CVSS 8.8 · AI score 7.6 · EPSS 0.05606
Exploits: 3 · References: 2
OSV · added 2020/04/23 2:15 a.m. · 1 view

CVE-2020-12076

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS...

CVSS 8.8 · AI score 7.3 · EPSS 0.00687
Exploits: 0 · References: 1
CNVD · added 2020/04/23 12:00 a.m. · 3 views

WordPress Permission Check Bypass Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. data-tables-generator-by-supsystic is a data table generator plugin used in it. A security vulnerability exists in the WordPress...

CVSS 8.8 · AI score 6.7 · EPSS 0.01042
Exploits: 1
RedHat Linux · added 2020/03/26 3:46 p.m. · 4 views

js-jquery: XSS in responses from cross-origin ajax requests

REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate...

AI score 6.6
Exploits: 2 · References: 4
VulnCheck KEV · added 2020/02/27 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2020-9459

Multiple Stored Cross-site scripting XSS vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users with minimal permissions to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mecsavenotifications...

CVSS 5.4 · AI score 6.2 · EPSS 0.01024
Exploits: 1 · References: 1
RedHat Linux · added 2020/02/12 3:26 p.m. · 4 views

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

CVSS 6.1 · AI score 6.6 · EPSS 0.29726
Exploits: 2 · References: 4
Positive Technologies · added 2019/08/20 12:00 a.m. · 5 views

PT-2019-7689 · WordPress · Crayon Syntax Highlighter

Name of the Vulnerable Software and Affected Versions: crayon-syntax-highlighter plugin versions prior to 2.8.4 Description: The issue concerns multiple XSS problems that can be triggered via AJAX requests. Recommendations: For versions prior to 2.8.4, update to version 2.8.4 or later to resolve...

CVSS 6.1 · AI score 6.1 · EPSS 0.01524
Exploits: 0 · References: 8
CNVD · added 2018/08/27 12:00 a.m. · 4 views

tecrail Responsive FileManager Path Traversal Vulnerability

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. A directory traversal vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...

CVSS 7.5 · AI score 6.4 · EPSS 0.45242
Exploits: 5 · References: 1
RedHat Linux · added 2018/03/13 2:45 p.m. · 3 views

js-jquery: XSS in responses from cross-origin ajax requests

REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate...

AI score 6.6
Exploits: 2 · References: 4
Hacker One · added 2016/07/21 1:01 a.m. · 15 views

Urban Dictionary: Race Condition in Definition Votes

There exists a race condition vulnerability in definition votes, allowing any user to artificially manipulate the number of up/down votes for a definition by making asynchronous requests to vote. A malicious user can use this method to reach any number of up or down votes for a definition. See th...

AI score 7
Exploits: 0