Lucene search
K

78 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.4 views

CVE-2024-7489

The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS6.1AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:41 a.m.9 views

CVE-2024-9590

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaftaddmetatextinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied...

5.5CVSS5.8AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.8 views

CVE-2024-10672

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...

2.7CVSS6.7AI score0.00484EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:53 a.m.4 views

CVE-2023-1019

The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...

5.4CVSS7.6AI score0.00462EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.6 views

CVE-2023-2435

The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

7.2CVSS7.7AI score0.0112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/10 2:38 a.m.9 views

CVE-2024-13890

The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...

7.2CVSS7.3AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/08 2:24 a.m.14 views

CVE-2024-13890 Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection

The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...

7.2CVSS0.00435EPSS
Exploits0References2
CVE
CVE
added 2025/03/08 2:24 a.m.45 views

CVE-2024-13890

CVE-2024-13890 affects the WordPress plugin Allow PHP Execute (

7.2CVSS7AI score0.00435EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/03 12:20 p.m.4 views

CVE-2024-13833

The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...

7.2CVSS7.2AI score0.00582EPSS
Exploits0References1
NVD
NVD
added 2025/03/01 12:15 p.m.8 views

CVE-2024-13833

The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...

7.2CVSS0.00582EPSS
Exploits0References2
CVE
CVE
added 2025/03/01 11:22 a.m.53 views

CVE-2024-13833

CVE-2024-13833: Album Gallery – WordPress Gallery plugin vulnerable to authenticated PHP Object Injection via gallery meta in all versions

7.2CVSS7.5AI score0.00582EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/01 11:22 a.m.10 views

CVE-2024-13833 Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta

The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...

7.2CVSS0.00582EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 11:42 a.m.6 views

CVE-2024-7560

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

7.2CVSS7.2AI score0.0062EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:36 a.m.10 views

CVE-2024-7351

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

7.2CVSS7AI score0.0062EPSS
Exploits0References1
CVE
CVE
added 2024/11/22 5:33 a.m.52 views

CVE-2024-10034

CVE-2024-10034 affects the WordPress plugin “Gallery Blocks with Lightbox” (also listed as Simply Gallery Block). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the gallery link text parameter, exploitable by authenticated attackers with Editor-level access or higher. Affected v...

5.5CVSS5.1AI score0.00364EPSS
Exploits0References2
NVD
NVD
added 2024/11/21 11:15 a.m.6 views

CVE-2024-11409

The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...

7.2CVSS0.01063EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/21 2:6 a.m.21 views

CVE-2024-11409 Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection

The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...

7.2CVSS0.01063EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/21 2:6 a.m.9 views

CVE-2024-11409 Grid View Gallery <= 1.0 - Authenticated (Editor+) PHP Object Injection

The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...

7.2CVSS7.2AI score0.01063EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 2:6 a.m.40 views

CVE-2024-11409

The Grid View Gallery WordPress plugin (versions

7.2CVSS7AI score0.01063EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 4:15 a.m.24 views

CVE-2024-10672

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpgupsertprojectsourceblock function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with...

2.7CVSS0.00484EPSS
Exploits0References4
Rows per page
Query Builder