Lucene search
+L

729 matches found

snyk
snyk
added 2026/02/25 7:29 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of RSE metadata in the WebUI. An attacker can execute arbitrary JavaScript in the users' context by injecting malicious scripts into the City, CountryName, or ISP fields, which are then stored...

8.2CVSS5.9AI score0.00287EPSS
Exploits1References2
vulncheck_kev
vulncheck_kev
added 2026/02/25 12:0 a.m.61 views

VulnCheck KEV: CVE-2024-3495

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

9.8CVSS5.9AI score0.13618EPSS
In wildExploits1References2
redhatcve
redhatcve
added 2026/02/20 7:22 a.m.7 views

CVE-2025-13413

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References1
nvd
nvd
added 2026/02/19 7:17 a.m.7 views

CVE-2025-13413

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS0.00173EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/19 4:36 a.m.36 views

CVE-2025-13413 Country Blocker for AdSense <= 1.0 - Cross-Site Request Forgery to Settings Update

The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFAguardarcbfa function. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS0.00173EPSS
Exploits0References3
cve
cve
added 2026/02/19 4:36 a.m.12 views

CVE-2025-13413

CVE-2025-13413 (Country Blocker for AdSense) is a CSRF vulnerability in WordPress plugin versions up to 1.0 due to missing nonce validation in the CBFA_guardar_cbfa() function, enabling unauthenticated attackers to trigger settings updates by tricking an admin. Public details indicate the issue a...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.10 views

WordPress plugin Country Blocker for AdSense 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.7AI score0.00173EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/19 12:0 a.m.10 views

PT-2026-20598

Name of the Vulnerable Software and Affected Versions Country Blocker for AdSense plugin for WordPress versions prior to 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to the absence of nonce validation in the CBFA guardar cbfa function. This allows...

4.3CVSS5.1AI score0.00173EPSS
Exploits0References5
patchstack
patchstack
added 2026/02/18 11:6 p.m.9 views

WordPress Country Blocker for AdSense plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Country Blocker for AdSense versions = 1.0...

4.3CVSS5.5AI score0.00173EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/02/17 3:16 p.m.6 views

CVE-2022-41650

Missing Authorization vulnerability in Paul Custom Content by Country by Shield Security custom-content-by-country.This issue affects Custom Content by Country by Shield Security: from n/a through 3.1.2...

6.5CVSS0.00262EPSS
Exploits0References1
cve
cve
added 2026/02/17 2:56 p.m.12 views

CVE-2022-41650

CVE-2022-41650 concerns the WordPress plugin “Custom Content by Country” (by Shield Security) with versions through 3.1.2. The Red Hat/NVD/CVE listings, and PT Security enrichment, describe a Missing Authorization vulnerability (Broken Access Control) enabling unauthorized access. The core issue ...

6.5CVSS5.2AI score0.00262EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/17 2:56 p.m.4 views

CVE-2022-41650 WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paul Custom Content by Country by Shield Security custom-content-by-country.This issue affects Custom Content by Country by Shield Security: from n/a through 3.1.2...

6.5CVSS5.2AI score0.00262EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/17 2:56 p.m.33 views

CVE-2022-41650 WordPress Custom Content by Country plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paul Custom Content by Country by Shield Security custom-content-by-country.This issue affects Custom Content by Country by Shield Security: from n/a through 3.1.2...

6.5CVSS0.00262EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/17 12:0 a.m.8 views

WordPress plugin Custom Content by Country (by Shield Security) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/02/16 12:0 a.m.6 views

A Scan-Based Analysis of Internet-Exposed IoT Devices Using Shodan Data

An open measurement problem in IoT security is whether scan-observable network configurations encode population-level exposure risk beyond individual devices. An analysis of internet-exposed IoT endpoints using a controlled multi-country sample from Shodan Search and Shodan InternetDB, selecting...

5.6AI score
Exploits0
redhatcve
redhatcve
added 2026/02/08 1:3 p.m.16 views

CVE-2026-1675

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS5.4AI score0.00342EPSS
Exploits0References1
nvd
nvd
added 2026/02/07 9:16 a.m.7 views

CVE-2026-1675

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS0.00342EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/02/07 8:26 a.m.9 views

CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS5.5AI score0.00342EPSS
Exploits0References4
cvelist
cvelist
added 2026/02/07 8:26 a.m.35 views

CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS0.00342EPSS
Exploits0References5
Rows per page
Query Builder