Lucene search
K

43 matches found

CNNVD
CNNVD
added 2024/02/29 12:0 a.m.6 views

WordPress Plugin WP Maintenance Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

5.3CVSS6AI score0.00461EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/20 6:56 p.m.10 views

CVE-2024-1472 WP Maintenance <= 6.1.6 - Information Exposure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

5.3CVSS6.6AI score0.00461EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/20 6:56 p.m.30 views

CVE-2024-1472 WP Maintenance <= 6.1.6 - Information Exposure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

5.3CVSS5.5AI score0.00461EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.27 views

MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection

Description The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated...

4.8CVSS7.1AI score0.00395EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/12/27 12:0 a.m.18 views

WP Maintenance Plugin for WordPress < 6.0.6 Stored Cross-Site Scripting

The WordPress WP Maintenance Plugin installed on the remote host is affected by a Stored Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

4.8CVSS7.1AI score0.00505EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/12/27 12:0 a.m.17 views

WP Maintenance Plugin for WordPress < 6.0.8 Stored Cross-Site Scripting

The WordPress WP Maintenance Plugin installed on the remote host is affected by a Stored Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

4.8CVSS7.1AI score0.00612EPSS
Exploits0References2
OSV
OSV
added 2022/07/21 6:15 p.m.3 views

CVE-2022-30536

Authenticated Stored Cross-Site Scripting XSS vulnerability in Florent Maillefaud's WP Maintenance plugin = 6.0.7 at WordPress...

4.8CVSS5.8AI score0.00612EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/21 5:22 p.m.18 views

CVE-2022-30536 WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability in Florent Maillefaud's WP Maintenance plugin = 6.0.7 at WordPress...

3.4CVSS5.1AI score0.00612EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/21 12:0 a.m.3 views

WordPress plugin WP Maintenance 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

4.8CVSS4.9AI score0.00612EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/28 1:50 p.m.5 views

CVE-2022-30536

Authenticated Stored Cross-Site Scripting XSS vulnerability in Florent Maillefaud's WP Maintenance plugin = 6.0.7 at WordPress...

4.8CVSS5AI score0.00612EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/04/19 12:0 a.m.13 views

WordPress WP Maintenance plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

4.8CVSS0.8AI score0.00505EPSS
Exploits0References1
Prion
Prion
added 2022/04/15 5:15 p.m.11 views

Cross site scripting

Authenticated admin+ Stored Cross-Site Scripting XSS in WP Maintenance plugin = 6.0.7 versions...

3.5CVSS4.8AI score0.00505EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/04/15 4:24 p.m.85 views

CVE-2021-36828

CVE-2021-36828 affects the WordPress WP Maintenance plugin, with an authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to 6.0.7. The issue involves multiple inputs not being properly sanitized, enabling XSS by privileged users. Several sources (NVD/NIST, CVE rec...

4.8CVSS4.9AI score0.00505EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/15 4:24 p.m.35 views

CVE-2021-36828 WordPress WP Maintenance plugin <= 6.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Stored Cross-Site Scripting XSS in WP Maintenance plugin = 6.0.7 versions...

4.8CVSS5.1AI score0.00505EPSS
Exploits0References1
Patchstack
Patchstack
added 2022/04/15 12:0 a.m.17 views

WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress WP Maintenance plugin versions = 6.0.7. Solution Update the WordPress WP Maintenance plugin to the latest available version at least 6.0.8...

4.8CVSS3AI score0.00505EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.2 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in Countdown,...

6.1CVSS5.9AI score0.00863EPSS
Exploits2References3
Cvelist
Cvelist
added 2022/02/14 9:20 a.m.25 views

CVE-2022-0188 Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout...

5.5AI score0.02375EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.4 views

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of the WordPress Coming soon and Maintenance plugin...

5.4CVSS5.8AI score0.006EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/09/03 12:0 a.m.15 views

WordPress Maintenance Plugin < 4.03 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

4.8CVSS7AI score0.00617EPSS
Exploits2References2
OSV
OSV
added 2021/08/23 12:15 p.m.4 views

CVE-2021-24533

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them even when the unfilteredhtml capability is disallowed, which will be triggered in the frontend...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
Rows per page
Query Builder