Lucene search
+L

295 matches found

Patchstack
Patchstack
added 2024/04/17 3:20 a.m.4 views

WordPress FileBird plugin <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference vulnerability

Authenticated Author+ Insecure Direct Object Reference vulnerability discovered by Tim Coen in WordPress Plugin Filebird versions = 5.6.3...

5.4CVSS7AI score0.00308EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/06 6:15 a.m.5 views

CVE-2024-2471

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This...

5.4CVSS5.9AI score0.00344EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.15 views

PT-2024-20505 · WordPress · Foogallery

Name of the Vulnerable Software and Affected Versions: FooGallery plugin for WordPress versions up to, and including, 2.4.14 Description: The issue is related to Stored Cross-Site Scripting via image attachment fields, such as Title, Alt Text, Custom URL, Custom Class, and Override Type, due to...

6.4CVSS7.8AI score0.00344EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/30 12:0 a.m.7 views

PT-2024-23230 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.13 Description: The issue allows authenticated attackers with author-level access and above to inject a PHP Object via deserialization of untrusted inp...

8.8CVSS9.7AI score0.00775EPSS
Exploits0References5
OSV
OSV
added 2023/10/20 7:15 a.m.4 views

CVE-2023-4968

The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.8CVSS6AI score0.00449EPSS
Exploits0References3
OSV
OSV
added 2023/04/25 12:0 a.m.6 views

CVE-2023-31223

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars...

8.7CVSS6.1AI score0.00509EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/16 12:0 a.m.6 views

PT-2022-25291 · WordPress · Svg Support

Name of the Vulnerable Software and Affected Versions: SVG Support plugin for WordPress versions 2.5 through 2.5.1 Description: The SVG Support plugin for WordPress defaults to insecure settings, allowing authenticated attackers with author-level privileges and higher to upload malicious SVG file...

6.4CVSS5.8AI score0.00413EPSS
Exploits0References5
OSV
OSV
added 2021/04/05 7:15 p.m.2 views

CVE-2021-24168

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields such as Email Subject, Email Recipient, etc when creating or editing a form, leading to an authenticated author+ stored cross-site scripting issue. This could allow medium privilege accounts such a...

5.4CVSS6AI score0.00628EPSS
Exploits1References1
Prion
Prion
added 2019/12/17 5:15 a.m.17 views

Code injection

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...

4CVSS6.4AI score0.0127EPSS
Exploits0References5Affected Software3
UbuntuCve
UbuntuCve
added 2019/12/17 5:15 a.m.23 views

CVE-2019-19830

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...

6.5CVSS6.9AI score0.0127EPSS
Exploits0References6
OSV
OSV
added 2019/12/17 5:15 a.m.5 views

UBUNTU-CVE-2019-19830

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...

6.5CVSS7.3AI score0.0127EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2019/12/17 4:33 a.m.36 views

CVE-2019-19830

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...

6.5CVSS7.2AI score0.0127EPSS
Exploits0
Cvelist
Cvelist
added 2019/12/17 4:33 a.m.22 views

CVE-2019-19830

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...

6.4AI score0.0127EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2012/09/06 9:55 p.m.4 views

CVE-2012-1468

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in...

6CVSS6.2AI score0.03482EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2012/08/30 10:55 p.m.2 views

CVE-2011-5134

Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: so...

6CVSS6.2AI score0.01055EPSS
Exploits0References4
Rows per page
Query Builder