196 matches found

OSV
added 2024/06/05 7:15 a.m. | 4 views

CVE-2024-5222

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

CVSS 5.4 | AI score 5.9 | EPSS 0.00315
Exploits: 0 | References: 4

Cvelist
added 2024/06/05 6:50 a.m. | 19 views

CVE-2024-5222 Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

CVSS 6.4 | AI score 5.7 | EPSS 0.00315
Exploits: 0 | References: 4

WPVulnDB
added 2024/06/05 12:0 a.m. | 18 views

Qi Blocks < 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 6.4 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/06/01 9:7 a.m. | 13 views

CVE-2024-35636 WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadcare File Uploader and Adaptive Delivery (beta) uploadcare. This issue affects Uploadcare File Uploader and Adaptive Delivery (beta): from n/a through 3.0.11...

CVSS 4.3 | AI score 7 | EPSS 0.00172
Exploits: 0 | References: 1

Patchstack
added 2024/05/30 9:3 a.m. | 2 views

WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Mikage.K (Patchstack Alliance) in WordPress Plugin Uploadcare File Uploader and Adaptive Delivery (beta) (versions <= 3.0.11)...

CVSS 4.3 | AI score 7 | EPSS 0.00172
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/05/30 12:0 a.m. | 8 views

WordPress Uploadcare File Uploader and Adaptive Delivery (beta) Plugin <= 3.0.11 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Uploadcare File Uploader and Adaptive Delivery (beta); Type: Plugin; Vulnerable versions: <= 3.0.11; Fixed in: 3.1.0; OWASP Top 10: A3: Injection; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-35636; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7af925782e5b...

CVSS 4.3 | AI score 6.9 | EPSS 0.00172
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2024/03/26 8:15 p.m. | 12 views

CVE-2023-23656

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1...

CVSS 10 | AI score 9.6 | EPSS 0.00809
Exploits: 0 | References: 1

Cvelist
added 2024/03/26 7:51 p.m. | 15 views

CVE-2023-23656 WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1...

CVSS 10 | AI score 9.7 | EPSS 0.00809
Exploits: 0 | References: 1

CNNVD
added 2024/03/26 12:0 a.m. | 5 views

WordPress Plugin File Uploader code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...

CVSS 10 | AI score 6.9 | EPSS 0.00809
Exploits: 0 | References: 2

VulnCheck KEV
added 2024/01/05 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2021-34624

A vulnerability in the file uploader component found in the /src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3...

CVSS 9.8 | AI score 7.3 | EPSS 0.06744
Exploits: 2 | References: 1

Cvelist
added 2023/11/23 2:33 p.m. | 18 views

CVE-2023-41788 Remote Code Execution via File Uploader

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773...

CVSS 7.6 | AI score 9.1 | EPSS 0.00717
Exploits: 0 | References: 1

Patchstack
added 2023/10/17 12:0 a.m. | 14 views

WordPress File Uploader Plugin < 4.23.3 is vulnerable to Cross Site Scripting (XSS)

Software: File Uploader; Type: Plugin; Vulnerable versions: < 4.23.3; Fixed in: 4.23.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4811; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1623a29c06e5; Credits: FAIYAZ AHMAD; Required...

CVSS 5.4 | AI score 5.7 | EPSS 0.00394
Exploits: 3 | References: 2 | Affected Software: 1

Packet Storm
added 2023/07/27 12:0 a.m. | 257 views

xForUp Simple File Uploader 1.0 SQL Injection

Title: xForUp simple file uploader V1.0 Sql injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor :...

AI score 7.1
Exploits: 0

Patchstack
added 2023/07/18 12:0 a.m. | 6 views

WordPress KRSP Frontend File Uploader Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: KRSP Frontend File Uploader; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 3d4ca0e2c724; Credits: Rafie Muhammad Patchstac...

AI score 6.4 | EPSS 0.00284
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/06/22 12:0 a.m. | 11 views

WordPress File Uploader Plugin < 4.19.2 is vulnerable to Path Traversal

Software: File Uploader; Type: Plugin; Vulnerable versions: < 4.19.2; Fixed in: 4.19.2; OWASP Top 10: A5: Broken Access Control; Classification: Path Traversal; CVE: CVE-2023-2688; Patch priority: Low; CVSS severity: Low (4.9); PSID: f1bb8a36ca00; Credits: Marco Wotschka; Required privilege...

CVSS 4.9 | AI score 6.6 | EPSS 0.01736
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/06/09 6:15 a.m. | 3 views

CVE-2023-1169

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

CVSS 4.3 | AI score 7.3 | EPSS 0.00573
Exploits: 0 | References: 3

ATTACKERKB
added 2023/06/09 6:15 a.m. | 3 views

CVE-2023-1169

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

CVSS 4.3 | AI score 6.6 | EPSS 0.00573
Exploits: 0 | References: 4

Prion
added 2023/06/09 6:15 a.m. | 17 views

Authorization

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

CVSS 4 | AI score 4.5 | EPSS 0.00573
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/06/09 5:33 a.m. | 17 views

CVE-2023-1169 OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

CVSS 4.3 | AI score 4.8 | EPSS 0.00573
Exploits: 0 | References: 3

Exploit DB
added 2023/05/23 12:0 a.m. | 234 views

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Date: 2023-04-17 Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE:...

CVSS 4.8 | AI score 5.2 | EPSS 0.01508
Exploits: 3