Lucene search
K

30 matches found

Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.7 views

PT-2026-3346

The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax delete log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...

4.3CVSS5.1AI score0.00161EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.9 views

PT-2025-47693

The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp ajax nopriv checkbox clean log' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...

5.3CVSS5.4AI score0.00196EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-11069

Malware in sbrugna...

6.5CVSS6.6AI score0.00506EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34195

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00951EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-7283

Malicious code in bioql PyPI...

6.5CVSS9.1AI score0.00371EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-23856

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.00307EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-49887

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00354EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.8 views

CVE-2024-9364

The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpmailplusclearlogs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

4.3CVSS6.4AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.5 views

CVE-2023-1624

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including...

6.5CVSS6.6AI score0.00307EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:15 a.m.6 views

CVE-2022-29883

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication...

6.9CVSS5.5AI score0.00951EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 12:15 p.m.4 views

CVE-2025-1911

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.5.0. This makes it possible for authenticated...

6.5CVSS7.4AI score0.00394EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/26 12:0 a.m.6 views

WordPress plugin Product Import Export for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

6.5CVSS8.4AI score0.00394EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/22 12:0 a.m.6 views

WordPress plugin Export and Import Users and Customers 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS8.5AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 12:15 p.m.3 views

CVE-2024-13922

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...

6.5CVSS7.4AI score0.00371EPSS
Exploits0References4
OSV
OSV
added 2024/09/04 9:15 a.m.4 views

CVE-2024-7870

The PixelYourSite – Your smart PIXEL TAG & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for...

7.5CVSS5.8AI score0.0045EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.4 views

PT-2024-38647 · WordPress · Pixelyoursite Pro +1

Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG & API Manager versions up to and including 9.7.1 PixelYourSite PRO versions up to and including 10.4.2 Description: The vulnerability allows unauthenticated attackers to view potentially sensitive...

7.5CVSS6.9AI score0.0045EPSS
Exploits0References11
Cvelist
Cvelist
added 2023/04/24 6:30 p.m.30 views

CVE-2023-1624 WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including...

6.6AI score0.00307EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/24 6:30 p.m.6 views

CVE-2023-1624 WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including...

7.1AI score0.00307EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/10 7:20 p.m.7 views

CVE-2023-1337 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clearuucsslogs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete...

4.3CVSS6.6AI score0.01024EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.5 views

Siemens SICAM T 访问控制错误漏洞

The SICAM P850 Multifunctional Measuring Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured electrica...

6.9CVSS6.8AI score0.00951EPSS
Exploits0References7
Rows per page
Query Builder