Lucene search
K

78 matches found

WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

Visual Composer Website Builder < 45.7.0 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 45.6.0 due to insufficient input sanitization and...

5.9CVSS5.9AI score0.00345EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

Multiple Page Generator Plugin – MPG < 3.4.1 - Authenticated (Editor+) Remote Code Execution

Description The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with editor-level access and above, to execute code on the server...

9.1CVSS7.9AI score0.00603EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/03/16 2:34 a.m.29 views

CVE-2023-6525 ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.5CVSS5.2AI score0.00432EPSS
Exploits0References3
Prion
Prion
added 2024/03/02 12:16 p.m.13 views

Cross site scripting

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web...

3.2CVSS6AI score0.00656EPSS
Exploits1References2
NVD
NVD
added 2024/03/02 12:16 p.m.27 views

CVE-2024-0611

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web...

4.8CVSS4.3AI score0.00656EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/02 11:15 a.m.33 views

CVE-2024-0611 Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web...

4.4CVSS4.5AI score0.00656EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/02 11:15 a.m.13 views

CVE-2024-0611 Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web...

4.4CVSS6.7AI score0.00656EPSS
Exploits1References3
CVE
CVE
added 2024/03/02 11:15 a.m.84 views

CVE-2024-0611

CVE-2024-0611 affects Master Slider – Responsive Touch Slider for WordPress. Connected docs confirm a Stored Cross-Site Scripting flaw in the slides callback, impacting versions up to and including 3.9.5. Exploitation requires authenticated Editor+ access and affects multisite setups or sites wit...

4.8CVSS6.7AI score0.00656EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/01 12:0 a.m.15 views

Master Slider <= 3.9.9 - Editor+ Stored XSS via slider callback

Description The plugin is vulnerable to Stored Cross-Site Scripting via the slides callback functionality. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only...

4.8CVSS4.7AI score0.00656EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.6 views

PT-2024-1863 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.5 Google ChromeOS affected versions not specified Description: The issue is related to insufficient access control in Google ChromeOS and a...

6.8CVSS7.9AI score0.00656EPSS
Exploits1References12
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.21 views

Blocksy < 2.0.20 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via headers/footers in all versions up to, and including, 2.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.12 views

Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Scroll Triggered Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to injec...

4.9CVSS5.8AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2023/12/01 11:15 a.m.34 views

CVE-2023-6449

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7antiscriptfilename' function in versions up to, and including, 5.8.3. This makes it possible for...

7.2CVSS0.01732EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2023/12/01 12:0 a.m.115 views

Contact Form 7 < 5.8.4 - Authenticated (Editor+) Arbitrary File Upload

Description The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7antiscriptfilename' function in versions up to, and including, 5.8.3. This makes it possible f...

7.2CVSS7.6AI score0.01732EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.19 views

Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation

Description The Salon booking system plugin for WordPress is vulnerable to privilege escalation in all versions up to, but excluding, 8.7. This makes it possible for authenticated attackers, with editor-level access and above, to escalate their privileges to that of an administrator...

7.3AI score0.00524EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/05/31 4:15 a.m.3 views

CVE-2023-2434

The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...

3.8CVSS6.7AI score0.00668EPSS
Exploits0References4
OSV
OSV
added 2023/05/31 4:15 a.m.15 views

CVE-2023-2434

The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...

3.8CVSS6.7AI score0.00668EPSS
Exploits0References3
OSV
OSV
added 2021/11/08 6:15 p.m.5 views

CVE-2021-24631

The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection...

8.8CVSS5.8AI score0.01517EPSS
Exploits2References2
Rows per page
Query Builder