Lucene search
+L

295 matches found

Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.18 views

PT-2024-16872 · WordPress · Increase Maximum Upload File Size | Increase Execution Time Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress versions up to, and including, 1.1.3 Description: The issue allows authenticated attackers with author-level permissions and above to retrieve the full path of t...

4.3CVSS9.4AI score0.00598EPSS
Exploits0References6
OSV
OSV
added 2024/11/21 11:15 a.m.4 views

CVE-2024-9442

The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above...

5.4CVSS7.4AI score0.0038EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/15 9:43 p.m.10 views

WordPress PJW Mime Config plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin PJW Mime Config versions = 1.0...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/08 7:15 a.m.3 views

CVE-2024-10269

The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access a...

5.4CVSS5.9AI score0.00288EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/30 8:51 p.m.4 views

WordPress Easy SVG Upload plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Easy SVG Upload versions = 1.0...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/18 5:15 a.m.4 views

CVE-2024-9848

The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

5.4CVSS5.9AI score0.00272EPSS
Exploits0References2
OSV
OSV
added 2024/10/18 5:15 a.m.5 views

CVE-2024-9452

The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inje...

5.4CVSS5.9AI score0.0028EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/10/02 8:15 a.m.9 views

CVE-2024-8967

The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00311EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/10/01 3:57 a.m.7 views

WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin AVIF & SVG Uploader versions = 1.1.0...

6.4CVSS5.8AI score0.00387EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/01 3:7 a.m.7 views

WordPress Slider Revolution plugin <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Slider Revolution versions = 6.7.18...

6.4CVSS5.8AI score0.00304EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.7 views

PT-2024-38806 · WordPress · Slider Revolution

Name of the Vulnerable Software and Affected Versions: Slider Revolution plugin for WordPress versions up to, and including, 6.7.18 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.2AI score0.00304EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.6 views

PT-2024-39447 · WordPress · King Ie

Name of the Vulnerable Software and Affected Versions: king IE plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

6.4CVSS6.2AI score0.00259EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/07/04 12:0 a.m.9 views

PT-2024-37623 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.35 Description: The issue is related to Regular Expression Denial of Service ReDoS due to the processing of user-supplied input as a regular expression. Thi...

4.3CVSS7AI score0.00581EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2024/06/21 7:15 a.m.7 views

CVE-2024-5191

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimetypes’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.1AI score0.00314EPSS
Exploits0References4
OSV
OSV
added 2024/06/18 6:15 a.m.6 views

CVE-2023-5527

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by...

8CVSS6.2AI score0.00492EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/05/31 3:15 p.m.2 views

CVE-2023-7073

The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the uploadtolibrary AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web reques...

6.4CVSS5.5AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.7 views

PT-2024-17949 · WordPress · Custom Fonts – Host Your Fonts Locally

Name of the Vulnerable Software and Affected Versions: Custom Fonts – Host Your Fonts Locally plugin for WordPress versions up to, and including, 2.1.4 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with author level or...

6.4CVSS6.1AI score0.00257EPSS
Exploits0References3
OSV
OSV
added 2024/05/16 9:16 p.m.6 views

CVE-2024-2619

The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...

5.4CVSS5.8AI score0.00377EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.3 views

PT-2024-22417 · WordPress · Enhanced Media Library

Name of the Vulnerable Software and Affected Versions: Enhanced Media Library plugin for WordPress versions up to, and including, 2.8.9 Description: The issue allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages via media upload functionality...

5.4CVSS6.2AI score0.00388EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.8 views

PT-2024-28236 · WordPress · 3D Flipbook

Name of the Vulnerable Software and Affected Versions: 3D FlipBook plugin for WordPress versions up to, and including, 1.15.4 Description: The issue is related to Stored Cross-Site Scripting via the Bookmark URL field due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References8
Rows per page
Query Builder