Lucene search
K

729 matches found

Cvelist
Cvelist
added 2026/02/07 8:26 a.m.35 views

CVE-2026-1675 Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key

The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for...

5.3CVSS0.00342EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.9 views

WordPress plugin Advanced Country Blocker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.12 views

PT-2026-6896

Name of the Vulnerable Software and Affected Versions Advanced Country Blocker plugin for WordPress versions prior to 2.3.2 Description The Advanced Country Blocker plugin for WordPress is susceptible to an authorization bypass. This is due to the use of a predictable default value for the secret...

5.3CVSS5.5AI score0.00342EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/06 11:51 p.m.7 views

WordPress Advanced Country Blocker plugin <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability

Unauthenticated Authorization Bypass via Insecure Default Secret Key vulnerability discovered by Hector Flores in WordPress Plugin Advanced Country Blocker versions = 2.3.1...

5.3CVSS5.3AI score0.00342EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 4:28 a.m.6 views

WordPress GeoDataSource Country Region DropDown plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin GeoDataSource Country Region DropDown versions = 1.0.1...

6.4CVSS8.3AI score0.00344EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/21 12:30 p.m.11 views

CVE-2025-41024

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumbe...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 12:15 p.m.6 views

CVE-2025-41024

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 11:35 a.m.15 views

CVE-2025-41024

CVE-2025-41024 affects Poultry Farm Management System v1.0. Stored XSS arises from insufficient validation of POST input in /farm/farmprofile.php, specifically for parameters: companyaddress, companyemail, companyname, country, mobilenumber, and regno. Root cause: lack of proper input validation ...

5.4CVSS5.5AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 11:35 a.m.6 views

CVE-2025-41024 Stored Cross-Site Scripting in Poultry Farm Management System

Stored Cross-Site Scripting XSS in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'companyaddress', 'companyemail', 'companyname', 'country',...

5.1CVSS5.5AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.11 views

PT-2026-3550

Name of the Vulnerable Software and Affected Versions Poultry Farm Management System version 1.0 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data when a POST request is made. The following parameters in the '/farm/farmprofile.php'...

5.4CVSS5.4AI score0.00162EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.11 views

CVE-2022-0246

The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one...

4.9CVSS6.7AI score0.03315EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-13694

The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...

5.3CVSS6AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.4 views

CVE-2025-13694

The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...

5.3CVSS0.00205EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/07 11:21 a.m.7 views

WordPress AA Block country plugin <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability

Unauthenticated IP Address Spoofing via X-Forwarded-For Header vulnerability discovered by Ivan Cese in WordPress Plugin AA Block country versions = 1.0.1...

5.3CVSS6.8AI score0.00205EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/07 9:20 a.m.4 views

CVE-2025-13694 AA Block country <= 1.0.1 - Unauthenticated IP Address Spoofing via X-Forwarded-For Header

The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTPXFORWARDEDFOR to determine the client's IP address without proper validation or considering if the server is...

5.3CVSS5.7AI score0.00205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.19 views

CVE-2025-1361

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admininit function. This makes it possible for unauthenticated attackers to view the plugin's settings...

7.5CVSS6.7AI score0.01278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin AA Block Country 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.4AI score0.00205EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 7:15 p.m.5 views

CVE-2025-65300

A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...

5.4CVSS0.00169EPSS
Exploits1References2
OSV
OSV
added 2025/12/09 7:15 p.m.6 views

CVE-2025-65300

A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...

5.4CVSS6AI score0.00169EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/09 12:0 a.m.2 views

CVE-2025-65300

A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...

5.5AI score0.00169EPSS
Exploits1References2
Rows per page
Query Builder