150 matches found
PT-2023-29278 · Bestwebsoft · Profile Extra Fields
Name of the Vulnerable Software and Affected Versions: The Profile Extra Fields by BestWebSoft plugin for WordPress versions up to, and including, 1.2.7 Description: The issue is related to unauthorized access of data due to a missing capability check on the prflxtrflds export file function. This...
CVE-2021-4412
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...
WordPress Plugin WP Prayer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
SUSE CVE-2017-5381
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox 51...
SUSE CVE-2018-9841
The export function in libavfilter/vfsignature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename...
Local File Read through Improper Filename Validation
Description: This vulnerability occurs because there is no filename validation on logoimagelogin and logoimageheader in the import and export function. An attacker can use a path traversal payload to leak a local file such as /etc/passwd or the froxlor config file. Proof of Concept 1. Go to import function on...
The export function of the vRealize Log Insight management tool is vulnerable, allowing attackers to compromise the integrity of the protected information.
The vulnerability of the export function of the vRealize Log Insight management tool exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
CVE-2022-31475
Authenticated custom plugin role Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress...
CVE-2022-28700
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress...
Privilege escalation
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress...
Design/Logic Flaw
Authenticated custom plugin role Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress...
CVE-2022-31475 WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Read via Export function vulnerability
Authenticated custom plugin role Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress...
CVE-2022-28700 WordPress GiveWP plugin <= 2.20.2 - Authenticated Arbitrary File Creation via Export function vulnerability
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress...
WordPress plugin GiveWP Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2022-20753 · WordPress · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP plugin versions <= 2.20.2 Description: The issue is related to an authenticated arbitrary file read vulnerability via the export function in the GiveWP plugin for WordPress. This vulnerability can be exploited by users with a custom...
CVE-2022-31202
The export function in SoftGuard Web SGW before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl...