Lucene search
K

256 matches found

RedhatCVE
RedhatCVE
added 2025/06/11 4:3 p.m.5 views

CVE-2025-31635

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcasthistory allows Path Traversal.This issue affects CLEVER: from n/a through = 2.6.2...

7.5CVSS5.7AI score0.00461EPSS
Exploits0References1
NVD
NVD
added 2025/06/09 4:15 p.m.5 views

CVE-2025-31635

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcasthistory allows Path Traversal.This issue affects CLEVER: from n/a through = 2.6...

7.5CVSS0.00461EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/09 3:56 p.m.3 views

CVE-2025-31635 WordPress CLEVER <= 2.6 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6...

7.5CVSS7AI score0.00461EPSS
Exploits0References1
CVE
CVE
added 2025/06/09 3:56 p.m.47 views

CVE-2025-31635

CVE-2025-31635: WordPress CLEVER plugin ≤ 2.6 contains an unauthenticated path traversal vulnerability enabling arbitrary file download. The issue stems from improper pathname handling in the CLEVER plugin, allowing access to restricted files. Public references corroborate affected versions as “n...

7.5CVSS5.2AI score0.00461EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.2 views

WordPress plugin CLEVER 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CLEVER plugin suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file...

7.5CVSS6.9AI score0.00461EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.4 views

PT-2025-24487 · Lambertgroup · Lambertgroup Clever

Name of the Vulnerable Software and Affected Versions: LambertGroup CLEVER versions n/a through 2.6 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in LambertGroup CLEVER...

7.5CVSS7.4AI score0.00461EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:28 a.m.7 views

CVE-2024-43324

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.0...

5.9CVSS6.8AI score0.00245EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.6 views

CVE-2024-1768

The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS4.8AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.6 views

CVE-2024-10357

The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:26 a.m.11 views

CVE-2024-51580

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zootemplate Clever Addons for Elementor cafe-lite allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through = 2.2.1...

6.5CVSS5.9AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.7 views

CVE-2023-47754

Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9...

9.8CVSS8.6AI score0.00509EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.7 views

CVE-2023-23823

Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8...

4.3CVSS8.6AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.9 views

CVE-2023-6876

The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...

5.4CVSS6.4AI score0.00385EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.6 views

CVE-2021-24273

The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method...

5.4CVSS5.7AI score0.0059EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:1 p.m.10 views

CVE-2005-2326

Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...

4.3CVSS5.9AI score0.02702EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:1 p.m.7 views

CVE-2005-2325

Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to 1 ticker.php, 2 menu.php, 3 banned.php, 4 endlayout.php, 5 randomhlinesblock.php, 6 showlast.php, 7 showlast5class1.php, 8 showlast5phorum.php, 9 showlast5phorumblock.php, 10...

5CVSS7AI score0.01846EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:1 p.m.8 views

CVE-2005-2324

Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to 1 results.php or 2 categorysearch.php...

4.3CVSS5.9AI score0.02751EPSS
Exploits1References1
CVE
CVE
added 2025/04/19 4:21 a.m.67 views

CVE-2025-3103

CVE-2025-3103 : The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon for WordPress is vulnerable to an unauthenticated arbitrary file read due to insufficient file path validation in the history.php file. This affects all versions up to and including 2.4, ...

7.5CVSS7.3AI score0.00349EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/19 12:0 a.m.5 views

WordPress plugin CLEVER 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS7.8AI score0.00349EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 6:17 p.m.14 views

CVE-2017-11429

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

9.8CVSS6.9AI score0.02381EPSS
Exploits1References1
Rows per page
Query Builder