Lucene search
+L

132 matches found

Vulnrichment
Vulnrichment
added 2024/03/28 4:57 a.m.16 views

CVE-2024-30226 WordPress BetterDocs plugin <= 3.3.3 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3...

9CVSS7AI score0.00864EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.6 views

WordPress Plugin BetterDocs 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

9CVSS7AI score0.00864EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.19 views

WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection

Software BetterDocs Type Plugin Vulnerable versions = 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...

9CVSS6.8AI score0.00864EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.12 views

WordPress BetterDocs Plugin <= 3.4.2 is vulnerable to Cross Site Scripting (XSS)

Software BetterDocs Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2845 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d1612a5ce1f1 Credits Krzysztof Zając Required...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.14 views

BetterDocs < 2.5.3 - Missing Authorization via AJAX actions

Description The BetterDocs plugin for WordPress is vulnerable to unauthorized document modification due to a missing capability check on several AJAX functions in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.7AI score0.00328EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/11/13 12:0 a.m.13 views

WordPress BetterDocs Plugin <= 2.5.2 is vulnerable to Broken Access Control

Software BetterDocs Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.5.3 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47762 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a29f1668c541 Credits Abdi Pranata Required...

6.5AI score0.00328EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.9 views

BetterDocs < 1.9.0 - Reflected Cross-Site Scripting

The plugin does not escape the tagID before outputting it back in the edit category page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/term.php?taxonomy=doccategoryID=147"...

0.1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.14 views

WordPress BetterDocs plugin <= 1.9.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress BetterDocs plugin versions = 1.9.1. Solution Update the WordPress BetterDocs plugin to the latest available version at least 1.9.2...

2.1AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.505 views

BetterDocs < 1.9.0 - Reflected Cross-Site Scripting

The plugin does not escape the tagID before outputting it back in the edit category page of the admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/term.php?taxonomy=doccategory&tagID=147"alert/XSS/...

0.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.13 views

BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting

The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=betterdocs-adminrange="...

0.4AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.513 views

BetterDocs 1.9.0-1.9.1 - Reflected Cross-Site Scripting

The plugin does not escape the daterange parameter before outputting it back in the All docs admin dashboard, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/admin.php?page=betterdocs-admin&daterange="alert/XSS/...

0.7AI score
Exploits0
Patchstack
Patchstack
added 2021/09/10 12:0 a.m.16 views

WordPress BetterDocs plugin <= 1.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress BetterDocs plugin versions = 1.8.4. Solution Update the WordPress BetterDocs plugin to the latest available version at least 1.9.0...

2.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder