Lucene search
K

54 matches found

CVE
CVE
added 2024/11/21 7:35 a.m.47 views

CVE-2024-10890

CVE-2024-10890 describes a reflected Cross-Site Scripting vulnerability in the WordPress plugin “WPAdverts – Classifieds Plugin” up to version 2.1.7. The issue stems from using add_query_arg and remove_query_arg without proper escaping, enabling unauthenticated attackers to inject script into pag...

6.1CVSS6AI score0.00572EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/21 7:35 a.m.33 views

CVE-2024-10890 WPAdverts – Classifieds Plugin <= 2.1.7 - Reflected Cross-Site Scripting

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to injec...

6.1CVSS0.00572EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/20 12:0 a.m.13 views

WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10890 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf76651e6ed6 Credits...

6.1CVSS5.6AI score0.00572EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/10/30 7:15 a.m.24 views

CVE-2024-10108

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS0.00382EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/30 6:43 a.m.30 views

CVE-2024-10108 WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS0.00382EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.4 views

PT-2024-16031 · WordPress · Wpadverts

Name of the Vulnerable Software and Affected Versions: WPAdverts – Classifieds Plugin versions up to, and including, 2.1.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's adverts add shortcode due to insufficient input sanitization and output escaping. This allow...

7.2CVSS6.4AI score0.00382EPSS
Exploits0References12
Patchstack
Patchstack
added 2024/10/29 12:0 a.m.10 views

WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)

Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10108 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d98a67dcc148 Credits...

7.2CVSS5.6AI score0.00382EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/06/21 12:0 a.m.10 views

WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-37238 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19fe789eab09 Credits Majed Refa...

6.9AI score0.00191EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.7 views

WordPress Plugin WordPress Classifieds Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Classifieds Plug...

4.3CVSS6.5AI score0.00212EPSS
Exploits0References2
OSV
OSV
added 2023/12/29 2:15 p.m.3 views

CVE-2023-51473

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3...

9.8CVSS7.3AI score0.00617EPSS
Exploits0References1
Prion
Prion
added 2023/12/29 2:15 p.m.17 views

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3...

7.5CVSS7.2AI score0.00617EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/29 1:12 p.m.51 views

CVE-2023-51473

CVE-2023-51473 affects TerraClassifieds – Simple Classifieds Plugin for WordPress (up to version 2.0.3). The vulnerability is an Unrestricted Upload of File with Dangerous Type, allowing unauthenticated arbitrary file uploads. Public references in the provided docs confirm it as an active issue w...

10CVSS8.6AI score0.00617EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/06 3:15 p.m.3 views

CVE-2023-41801

Cross-Site Request Forgery CSRF vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin = 4.3 versions...

8.8CVSS5.8AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/06 12:0 a.m.5 views

PT-2023-28101 · Awp Classifieds · Awp Classifieds Team Ad Directory & Listings

Name of the Vulnerable Software and Affected Versions: AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin versions = 4.3 Description: A Cross-Site Request Forgery CSRF issue has been identified. This type of issue allows an attacker to trick a user into performing unintended...

8.8CVSS9.3AI score0.00208EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/06 12:0 a.m.6 views

WordPress Plugin WordPress Classifieds Plugin - Ad Directory & Listings by AWP Classifieds Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WordPress...

8.8CVSS6.6AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2022/10/31 4:15 p.m.19 views

CVE-2022-3254

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...

9.8CVSS0.05103EPSS
Exploits2References1
Prion
Prion
added 2022/10/31 4:15 p.m.17 views

Sql injection

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...

7.5CVSS9.7AI score0.05103EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/10/31 12:0 a.m.75 views

CVE-2022-3254

CVE-2022-3254 affects the WordPress AWP Classifieds Plugin (versions prior to 4.3). The issue is an SQL injection caused by improper sanitization/escaping of parameters in an unauthenticated AJAX action, and is triggered when a specific premium module is active. The vulnerability allows execution...

9.8CVSS9.8AI score0.05103EPSS
In wildExploits2References1Affected Software1
Cvelist
Cvelist
added 2022/10/31 12:0 a.m.26 views

CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...

9.9AI score0.05103EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.16 views

WordPress plugin WordPress Classifieds Plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

9.8CVSS8.5AI score0.05103EPSS
Exploits2References2
Rows per page
Query Builder