Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-15346

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00271EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2025-15351

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00161EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.19 views

CVE-2024-10634

The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...

4.3CVSS6.8AI score0.00161EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.7 views

CVE-2024-10632

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00271EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/05/17 12:38 a.m.10 views

WordPress Nokaut Offers Box plugin <= 1.4.0 - Plugin Reset via CSRF vulnerability

Plugin Reset via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Nokaut Offers Box versions = 1.4.0...

4.3CVSS7AI score0.00161EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/05/15 8:15 p.m.8 views

CVE-2024-10632

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00271EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-10634

The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...

4.3CVSS5.8AI score0.00161EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-10632

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/05/15 8:15 p.m.10 views

CVE-2024-10634

The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...

4.3CVSS0.00161EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.7 views

CVE-2024-10632 Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8AI score0.00271EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.11 views

CVE-2024-10634 Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF

The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...

0.00161EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.7 views

CVE-2024-10634 Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF

The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...

4.6AI score0.00161EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.30 views

CVE-2024-10632

The CVE-2024-10632 entry concerns the Nokaut Offers Box WordPress plugin (versions 1.4.0 and earlier). The underlying issue is that the plugin does not sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as...

4.8CVSS5.8AI score0.00271EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.14 views

CVE-2024-10632 Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS

The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00271EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.27 views

CVE-2024-10634

The CVE-2024-10634 entry concerns the Nokaut Offers Box WordPress plugin (versions ≤ 1.4.0). Affected component: plugin settings update logic lacking CSRF protection, enabling a CSRF attack that could cause a logged-in administrator to reset the plugin. Exploitation details are not provided beyon...

4.3CVSS6.4AI score0.00161EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.5 views

PT-2025-21407 · WordPress · Nokaut Offers Box

Name of the Vulnerable Software and Affected Versions: Nokaut Offers Box WordPress plugin versions 1.4.0 and earlier Description: The issue concerns the lack of CSRF check when updating settings in the Nokaut Offers Box WordPress plugin. This could allow attackers to make a logged-in admin reset...

4.3CVSS4.5AI score0.00161EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21406 · WordPress · Nokaut Offers Box

Name of the Vulnerable Software and Affected Versions: Nokaut Offers Box WordPress plugin versions 1.4.0 and earlier Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize a...

4.8CVSS4.7AI score0.00271EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

WordPress plugin Nokaut Offers Box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS5AI score0.00161EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.12 views

WordPress plugin Nokaut Offers Box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS4.8AI score0.00271EPSS
Exploits1References1
Rows per page
Query Builder