Lucene search
+L

295 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28394

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00373EPSS
Exploits0References5
CVE
CVE
added 2025/09/23 3:34 a.m.34 views

CVE-2025-10380

The CVE-2025-10380 entry describes a Server-Side Template Injection (SSTI) in the WordPress plugin Advanced Views – Display Posts, Custom Fields, and More (ACF-Views) affecting all versions up to and including 3.7.19. Root cause: insufficient input sanitization and lack of access control when pro...

8.8CVSS6.8AI score0.00408EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.5 views

PT-2025-39110

Name of the Vulnerable Software and Affected Versions Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress versions up to and including 3.7.19 Description The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is susceptible to Server-Side Templat...

8.8CVSS7.4AI score0.00408EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/09/13 5:19 a.m.15 views

CVE-2025-9776

The CatFolders – Tame Your WordPress Media Library by Category plugin for WordPress is vulnerable to time-based SQL Injection via the CSV Import contents in all versions up to, and including, 2.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

6.5CVSS6.6AI score0.00347EPSS
Exploits2References1
CVE
CVE
added 2025/09/11 7:24 a.m.31 views

CVE-2025-9451

The CVE relates to the WordPress plugin Smartcat Translator for WPML. It describes a time-based SQL injection via the orderby parameter in all versions up to 3.1.69, caused by insufficient escaping of user input and inadequate preparation of the SQL query. The vulnerability requires authenticatio...

6.5CVSS5.9AI score0.00287EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.1 views

CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WPEASYFAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.0028EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.8 views

PT-2025-37143

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS6.6AI score0.00287EPSS
Exploits0References4
CVE
CVE
added 2025/09/06 3:22 a.m.28 views

CVE-2025-9493

CVE-2025-9493 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Admin Menu Editor. The root cause is insufficient input sanitization and output escaping for the placeholder parameter, enabling an authenticated attacker with Author-level access or higher to inject scrip...

6.4CVSS4.7AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.6 views

PT-2025-33707 · WordPress · Media Library Assistant

Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin for WordPress versions up to and including 3.27 Description: The Media Library Assistant plugin for WordPress is susceptible to arbitrary file deletion within the /wp-content/uploads directory. This is due to...

4.3CVSS7.3AI score0.00295EPSS
Exploits0References8
OSV
OSV
added 2025/06/19 7:15 a.m.8 views

CVE-2025-4965

The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

5.4CVSS6AI score0.00169EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.6 views

CVE-2024-9444

The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS5AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.8 views

CVE-2024-2023

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handlefoldersfileupload' function. This makes it possible for authenticated attackers, with author access and above, to uplo...

4.3CVSS6AI score0.00673EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:5 a.m.5 views

CVE-2024-1332

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author...

6.4CVSS5.2AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:4 a.m.6 views

CVE-2024-4366

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blockid’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.5 views

CVE-2024-8538

The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with...

4.3CVSS5.7AI score0.00558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.4 views

CVE-2024-9178

The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS5AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/18 8:21 a.m.4 views

CVE-2025-3056 Download Manager <= 3.3.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.6AI score0.00319EPSS
Exploits0References3
OSV
OSV
added 2025/02/28 9:15 a.m.7 views

CVE-2025-1662

The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'urlmediauploaderurlupload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrar...

6.4CVSS7.4AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2025/01/08 10:15 a.m.2 views

CVE-2024-12853

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to uploa...

8.8CVSS7.9AI score0.00863EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.11 views

PT-2024-16752 · WordPress · The Support Svg – Upload Svg Files In Wordpress Without Hassle

Name of the Vulnerable Software and Affected Versions: The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input...

6.4CVSS6.2AI score0.00391EPSS
Exploits0References5
Rows per page
Query Builder