73 matches found

Patchstack
added 2025/01/27 10:57 p.m. · 6 views

WordPress Restrict Content plugin <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability

Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Restrict Content versions <= 3.2.13...

7.5 CVSS · 6.9 AI score · 0.00439 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/01/26 12:0 a.m. · 3 views

WordPress plugin Membership Plugin – Restrict Content information disclosure vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabili...

7.5 CVSS · 8 AI score · 0.00439 EPSS
Exploits 0 · References 2

Cvelist
added 2025/01/22 2:29 p.m. · 15 views

CVE-2025-23601 WordPress Tab My Content plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patrice Tab My Content tab-my-content allows Reflected XSS. This issue affects Tab My Content: from n/a through <= 1.0.0...

7.1 CVSS · 0.00378 EPSS
Exploits 0 · References 1

Cvelist
added 2025/01/16 8:6 p.m. · 12 views

CVE-2025-23642 WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode sidebar-content-from-shortcode allows DOM-Based XSS. This issue affects Sidebar-Content from Shortcode: from n/a through <= 2.0...

6.5 CVSS · 0.00334 EPSS
Exploits 0 · References 1

Cvelist
added 2025/01/16 8:5 p.m. · 13 views

CVE-2025-23463 WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post md-custom-content allows Stored XSS. This issue affects MD Custom content after or before of post: from n/a through <= 1.0...

7.1 CVSS · 0.00197 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/01/07 5:23 a.m. · 2 views

CVE-2024-11887 Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'geotargetlygeocontent' shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 5.8 AI score · 0.00313 EPSS
Exploits 0 · References 3

Patchstack
added 2024/11/23 12:0 a.m. · 12 views

WordPress Protect Your Content Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Protect Your Content; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-53728; Patch priority: Low; CVSS severity: Low (7.1); Developer: Claim ownership; PSID: b6bd5726d7de; Credits: SOPROBRO; Require...

7 AI score · 0.00166 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/08/16 12:0 a.m. · 9 views

WordPress Structured Content Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.6.2; Fixed in: 1.6.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43307; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: df5a04e07bd7; Credits: Michael; Required privilege...

6.5 CVSS · 6.6 AI score · 0.00245 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/07/15 12:0 a.m. · 9 views

PT-2024-36779 · WordPress · Insert/Embed Articulate Content Into Wordpress

Name of the Vulnerable Software and Affected Versions: Insert or Embed Articulate Content into WordPress plugin versions prior to 4.3000000024 Description: The issue allows authors to upload arbitrary files to the site, potentially enabling them to upload PHP shells on affected sites. This could...

8.8 CVSS · 7.3 AI score · 0.00675 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/06/15 12:0 a.m. · 6 views

PT-2024-20342 · WordPress · Website Content In Page/Post

Name of the Vulnerable Software and Affected Versions: Website Content in Page or Post WordPress plugin versions prior to 2024.04.09 Description: The issue concerns the Website Content in Page or Post WordPress plugin, which does not properly validate and escape certain shortcode attributes befor...

7.5 CVSS · 5.8 AI score · 0.02134 EPSS
Exploits 1 · References 9

Patchstack
added 2024/04/22 12:0 a.m. · 11 views

WordPress Advanced Floating Content Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Floating Content; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32723; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: d833224f8b7e; Credits: Joshua Chan; Required privile...

5.9 CVSS · 6.6 AI score · 0.0034 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2024/04/15 12:0 a.m. · 3 views

WordPress Plugin Church Content security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. A security vulnerability exist...

4.3 CVSS · 6.4 AI score · 0.00212 EPSS
Exploits 0 · References 2

Patchstack
added 2024/04/11 10:8 a.m. · 5 views

WordPress Church Content plugin <= 2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Church Content – Sermons, Events and More versions <= 2.6...

4.3 CVSS · 6.9 AI score · 0.00212 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2024/03/29 12:42 p.m. · 6 views

WordPress Download Special Box for Content plugin <= 1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Special Box for Content versions <= 1...

7.1 AI score · 0.00199 EPSS
Exploits 0 · Affected Software 1

OSV
added 2024/02/28 9:15 a.m. · 4 views

CVE-2024-0680

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...

5.3 CVSS · 7.2 AI score · 0.00603 EPSS
Exploits 0 · References 2

CNNVD
added 2023/12/14 12:0 a.m. · 4 views

WordPress plugin and WordPress cross-site scripting vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5 CVSS · 6 AI score · 0.00385 EPSS
Exploits 0 · References 2

Patchstack
added 2023/12/05 12:0 a.m. · 9 views

WordPress Structured Content Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49820; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 4db95a68f57c; Credits: LVT-tholv2k; Required privilege...

6.5 CVSS · 6.6 AI score · 0.00385 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/11/23 12:15 a.m. · 2 views

CVE-2023-47668

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions...

7.5 CVSS · 7.3 AI score · 0.01009 EPSS
Exploits 2 · References 1

Prion
added 2023/11/23 12:15 a.m. · 19 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions...

5 CVSS · 7 AI score · 0.01009 EPSS
Exploits 2 · References 1 · Affected Software 1

CVE
added 2023/11/23 12:5 a.m. · 90 views

CVE-2023-47668

The CVE concerns the StellarWP Membership Plugin – Restrict Content, affecting versions ≤ 3.2.7. The root cause is exposure of sensitive information to an unauthorised actor via the plugin’s legacy log mechanism (noted as legacy rcp-debug.log exposure). Practical impact is unauthenticated access ...

7.5 CVSS · 6.2 AI score · 0.01009 EPSS
Exploits 2 · References 1 · Affected Software 1