Lucene search
K

63 matches found

Patchstack
Patchstack
added 2025/11/24 8:10 a.m.10 views

WordPress S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin <= 1.7.8 - Authenticated (Editor+) Arbitrary File Upload vulnerability

Authenticated Editor+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin S2B AI Assistant versions = 1.7.8...

7.2CVSS7AI score0.00873EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/11/18 12:29 p.m.9 views

CVE-2025-8084 AI Engine <= 3.1.8 - Authenticated (Editor+) Server-Side Request Forgery

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.8 via the resthelperscreateimages function. This makes it possible for authenticated attackers, with Editor-level access and above, to make web requests to arbitrary locations...

6.8CVSS0.00376EPSS
Exploits0References3
CVE
CVE
added 2025/11/14 6:0 a.m.21 views

CVE-2025-10686

The CVE-2025-10686 has concrete details across multiple sources: Creta Testimonial Showcase WordPress plugin prior to v1.2.4 is vulnerable to Local File Inclusion. Authenticated users with editor-level access or higher can include and execute arbitrary PHP files on the server, enabling code execu...

7.2CVSS6.9AI score0.00429EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-12538 Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting

The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and abov...

4.4CVSS4.6AI score0.00195EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/04 4:54 a.m.7 views

WordPress Nari Accountant plugin <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Nari Accountant versions = 1.0.12...

4.4CVSS5.7AI score0.00173EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/15 8:25 a.m.7 views

CVE-2025-10045 onOffice for WP-Websites <= 6.5.1 - Authenticated (Editor+) SQL Injection

The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

4.9CVSS0.00337EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 8:25 a.m.17 views

CVE-2025-10045

CVE-2025-10045 (onOffice for WP-Websites, WordPress) : The plugin is vulnerable to SQL Injection via the string parameter order in all versions up to 5.7 due to insufficient escaping of user input and inadequate query preparation. Exploitation requires authenticated access at Editor+ level, enabl...

4.9CVSS5.9AI score0.00337EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 8:25 a.m.16 views

CVE-2025-10754

The CVE-2025-10754 entry concerns the DocoDoco Store Locator WordPress plugin. The vulnerability is an authenticated Arbitrary File Upload due to missing file type validation in the ZIP upload in versions up to 1.0.1. Wordfence notes that authenticated attackers with Editor-level access (or highe...

7.2CVSS7AI score0.00634EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1993

Malicious code in bioql PyPI...

4CVSS6.3AI score0.00991EPSS
Exploits0References4
CVE
CVE
added 2025/10/03 11:17 a.m.18 views

CVE-2025-9372

CVE-2025-9372 documents a stored XSS vulnerability in WordPress plugin Ultimate Multi Design Video Carousel (versions ≤ 1.4) caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at editor level and affects multi-site installations or sites wher...

5.5CVSS4.7AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2025/08/14 1:17 p.m.7 views

CVE-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.3CVSS6.4AI score0.00617EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:12 a.m.8 views

CVE-2023-23786

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Christof Servit affiliate-toolkit plugin = 3.3.3 versions...

5.9CVSS5.6AI score0.00358EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/08 2:30 a.m.5 views

WordPress Allow PHP Execute plugin <= 1.0 - Authenticated (Editor+) PHP Code Injection vulnerability

Authenticated Editor+ PHP Code Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Allow PHP Execute versions = 1.0...

7.2CVSS7.4AI score0.00435EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/10 2:58 p.m.7 views

WordPress UserPlus plugin <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation vulnerability

Authenticated Editor+ Registration Form Update to Privilege Escalation vulnerability discovered by István Márton in WordPress Plugin UserPlus versions = 2.0...

7.2CVSS7AI score0.00453EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/08 5:32 p.m.5 views

WordPress Smart Post Show plugin <= 3.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via Pagination Color vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Post Grid, Post Carousel, & List Category Posts – by Smart Post Show versions = 3.0.0...

4.8CVSS5.8AI score0.00255EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/08/07 2:26 p.m.4 views

WordPress News Flash theme <= 1.1.0 - Authenticated (Editor+) PHP Object Injection vulnerability

Authenticated Editor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme News Flash versions = 1.1.0...

7.2CVSS7.3AI score0.0062EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/03 12:45 p.m.5 views

WordPress Frontend Registration – Contact Form 7 plugin <= 5.1 - Authenticated (Editor+) Privilege Escalation vulnerability

Authenticated Editor+ Privilege Escalation vulnerability discovered by István Márton in WordPress Plugin Frontend Registration – Contact Form 7 versions = 5.1...

7.2CVSS7AI score0.00466EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/10 9:15 a.m.3 views

CVE-2022-32970

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in Themify Themify Portfolio Post plugin = 1.2.4 versions...

5.4CVSS5.8AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2023/03/29 1:15 p.m.2 views

CVE-2022-47438

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin = 3.2.3 versions...

5.4CVSS5.8AI score0.0038EPSS
Exploits0References1
NCSC
NCSC
added 2022/12/02 12:0 a.m.2 views

Vulnerability fixed in Grafana

Grafana Labs has fixed a vulnerability in Grafana. The vulnerability allows an authenticated remote malicious person to able to execute arbitrary code in the browser on a victim's victim's system. To do this, the malicious party must trick the entice the victim to click on a rogue link. Grafana...

8.7CVSS9.5AI score0.68603EPSS
Exploits0
Rows per page
Query Builder