Lucene search
K

42 matches found

Vulnrichment
Vulnrichment
added 2025/07/04 11:17 a.m.3 views

CVE-2025-4414 WordPress CMSMasters Content Composer < 2.5.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer allows PHP Local File Inclusion. This issue affects CMSMasters Content Composer: from n/a through n/a...

8.1CVSS7.4AI score0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.4 views

PT-2025-27911 · Cmsmasters · Cmsmasters Content Composer

Name of the Vulnerable Software and Affected Versions: CMSMasters Content Composer affected versions not specified Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows PHP Local Fi...

8.1CVSS6.2AI score0.00397EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.3 views

WordPress plugin CMSMasters Content Composer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress CMSMasters Content Composer plugin that stems from not doing effective filtering of local file resource calls, which can b...

8.1CVSS6.5AI score0.00397EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/07/01 11:28 a.m.5 views

WordPress CMSMasters Content Composer plugin < 2.5.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Plugin CMSMasters Content Composer versions 2.5.7...

8.1CVSS6.7AI score0.00397EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:40 a.m.5 views

CVE-2024-7963

The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2024/12/03 3:15 a.m.13 views

CVE-2024-9694

The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2024/12/03 2:5 a.m.46 views

CVE-2024-9694

CVE-2024-9694 : CMSMasters Elementor Addon for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability across all versions up to 1.14.7. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in multiple widgets, enabling an authen...

6.4CVSS5.8AI score0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/03 2:5 a.m.22 views

CVE-2024-9694 CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/03 12:0 a.m.3 views

PT-2024-39766 · WordPress · Cmsmasters Elementor Addon

Name of the Vulnerable Software and Affected Versions: CMSMasters Elementor Addon plugin for WordPress versions up to, and including, 1.14.7 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...

6.4CVSS6.1AI score0.0026EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.5 views

WordPress plugin CMSMasters Elementor Addon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.5AI score0.0026EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/02 4:7 p.m.4 views

WordPress CMSMasters Elementor Addon plugin <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by István Márton in WordPress Plugin CMSMasters Elementor Addon versions = 1.14.7...

6.4CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/01 12:0 a.m.6 views

The vulnerability of the CMSMasters plugin for the WordPress content management system allows attackers to enhance their privileges and execute cross-site scripting attacks.

The vulnerability of the CMSMasters plugin for WordPress content management system is related to the lack of protective measures taken against the website’s structure. Exploiting this vulnerability allows attackers to enhance their privileges and perform cross-site attacks...

6.4CVSS5.3AI score0.00266EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/10/09 2:15 a.m.6 views

CVE-2024-7963

The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00266EPSS
Exploits0References2
CVE
CVE
added 2024/10/09 2:1 a.m.41 views

CVE-2024-7963

CMSMasters Content Composer for WordPress is affected by a Stored Cross-Site Scripting (XSS) via multiple shortcodes in all versions up to 1.8.8. Exploitation requires authenticated access at contributor level or higher, enabling injected scripts to execute when users load injected pages. Patch g...

6.4CVSS5.9AI score0.00266EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/09 2:1 a.m.4 views

CVE-2024-7963 CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.4 views

WordPress plugin CMSMasters Content Composer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS5.7AI score0.00266EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/08 3:24 p.m.5 views

WordPress CMSMasters Content Composer plugin <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin CMSMasters Content Composer versions = 1.8.8...

6.4CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/08 12:0 a.m.11 views

WordPress CMSMasters Content Composer Plugin <= 1.8.8 is vulnerable to Cross Site Scripting (XSS)

Software CMSMasters Content Composer Type Plugin Vulnerable versions = 1.8.8 Fixed in 1.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7963 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 38f9969e9e5b Credits István Márto...

6.4CVSS5.7AI score0.00266EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Clockstone and other CMSMasters Theme File Upload Vulnerabilities

No description provided by source. Exploit Title: Clockstone and Various other CMSMasters Theme File Upload Vulnerabilities Google Dork: wp-content/themes/clockstone Date: 12/18/2012 Exploit Author: DigiP Vendor Homepage: http://cmsmasters.net/ Software Link:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2012/12/19 12:0 a.m.34 views

WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload

Exploit Title: Clockstone and Various other CMSMasters Theme File Upload Vulnerabilities Google Dork: "wp-content/themes/clockstone" Date: 12/18/2012 Exploit Author: DigiP Vendor Homepage: http://cmsmasters.net/ Software Link: http://themeforest.net/item/clockstone-ultimate-wordpress-theme/306607...

7.4AI score
Exploits0
Rows per page
Query Builder