Lucene search
K

45 matches found

CNVD
CNVD
added 2025/12/22 12:0 a.m.3 views

WordPress Fancy Product Designer plugin server-side request forgery vulnerability

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. A server-side request forgery vulnerability exists in the WordPress Fancy Product Designer plugin, which stems from the presence...

6.5CVSS6.9AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 6:30 a.m.5 views

EUVD-2025-60969

The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action wpajaxnoprivcryptoconnectajaxprocess that allows calling the cryptodeletejson method with only a...

5.3CVSS5.4AI score0.00303EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2025-43926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user...

6.1CVSS5.9AI score0.00202EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.10 views

CVE-2021-24988

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprssdismissaddonnotice AJAX action missing authorisation and CSRF checks, allowing any authenticated...

5.4CVSS5.7AI score0.00292EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:0 p.m.5 views

CVE-2021-24948

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tpgetdlpostinfoajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts...

7.5CVSS6.8AI score0.01815EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.9 views

CVE-2021-24910

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...

6.1CVSS6.2AI score0.01266EPSS
Exploits4References1
CNNVD
CNNVD
added 2025/01/31 12:0 a.m.3 views

WordPress plugin Ni Sales Commission For WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.6AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/04 12:0 a.m.5 views

PT-2024-16660 · WordPress · Authors List

Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to, and including, 2.0.4 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action that does not properl...

7.3CVSS8AI score0.00554EPSS
Exploits0References10
OSV
OSV
added 2024/10/16 8:15 a.m.5 views

CVE-2020-36840

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxrouteurl function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...

9.8CVSS5.8AI score0.00403EPSS
Exploits0References2
OSV
OSV
added 2024/10/16 7:15 a.m.3 views

CVE-2021-4445

The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the padismissadminnotice AJAX action. This makes it possible for authenticated subscriber+ attackers to...

4.3CVSS5.9AI score0.00385EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/24 12:0 a.m.7 views

PT-2024-37849 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to Stored Cross-Site Scripting via the mapTypes parameter in the 'wpw auto poster map wordpress post type' AJAX function due to...

7.2CVSS6.3AI score0.00829EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.3 views

WordPress plugin WPFront User Role Editor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...

4.3CVSS8.3AI score0.0052EPSS
Exploits0References5
OSV
OSV
added 2024/03/25 10:15 a.m.3 views

DEBIAN-CVE-2021-47169

In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'requestfirmware' instead of 'requestfirmwarenowait' In 'rp2probe', the driver registers 'rp2uartinterrupt' then calls 'rp2fwcb' through 'requestfirmwarenowait'. In 'rp2fwcb', if the firmware don't exists, functi...

5.5CVSS5.5AI score0.00226EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL...

9.8CVSS7.4AI score0.14697EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.4 views

PT-2024-15402 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 Description: The issue allows unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set, du...

5.3CVSS5.4AI score0.00453EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2023/11/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-0769

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL...

9.8CVSS7.4AI score0.08415EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2023/11/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-4117

The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS7.4AI score0.04955EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/08/30 12:15 p.m.4 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

4.3CVSS6.8AI score0.00321EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/25 12:0 a.m.3 views

PT-2022-13289 · WordPress · The Professional Social Sharing Buttons

Name of the Vulnerable Software and Affected Versions: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin versions prior to 9.7.6 Description: The issue is related to a lack of proper authorization check in one of the AJAX actions, allowing unauthorized access to...

5.3CVSS5AI score0.01633EPSS
Exploits2References4
OSV
OSV
added 2022/06/13 2:15 p.m.4 views

CVE-2022-1659

Vulnerable versions of the JupiterX Core = 2.0.6 plugin register an AJAX action jupiterxconditionalmanager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the subaction parameter. This can be used to view...

7.3CVSS7.1AI score0.00819EPSS
Exploits1References1
Rows per page
Query Builder