Lucene search
K

112 matches found

CNNVD
CNNVD
added 2024/07/04 12:0 a.m.6 views

WordPress plugin Nested Pages security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.8AI score0.00295EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/07/04 12:0 a.m.17 views

WordPress Nested Pages Plugin <= 3.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Nested Pages Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5943 Patch priority Low CVSS severity Low 8.3 Developer Claim ownership PSID ec525e948d0f Credits Bassem Essam Required...

8.8CVSS6.7AI score0.00295EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/30 12:4 p.m.5 views

WordPress Different Menu in Different Pages plugin <= 2.3.2 - Missing Authorization to Menu Duplication vulnerability

Missing Authorization to Menu Duplication vulnerability discovered by Lucio Sá in WordPress Plugin Different Menu in Different Pages versions = 2.3.2...

4.3CVSS7AI score0.0056EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/17 12:0 a.m.15 views

Legal Pages < 1.3.9 - Missing Authorization

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the moveToTrash and fetchandinserttemplatedata functions hooked via AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with...

6.8AI score
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/28 10:28 a.m.13 views

CVE-2023-50873 WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Marios Alexandrou Add Any Extension to Pages.This issue affects Add Any Extension to Pages: from n/a through 1.4...

4.3CVSS6.9AI score0.00227EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/12/22 12:0 a.m.11 views

WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Add Any Extension to Pages Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50873 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b3821f100fa4 Credits Nguyen Xuan...

8.8CVSS6.6AI score0.00227EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2023/12/20 12:0 a.m.20 views

WordPress Nested Pages Plugin < 3.2.7 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nestedpagesproject:nestedpages"; ifdescription...

5.9CVSS5.5AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2023/10/10 1:56 p.m.48 views

CVE-2023-44241

CVE-2023-44241 — Keap Landing Pages (WordPress) CSRF . Affected software is the Keap Landing Pages plugin (WordPress) version

8.8CVSS6.5AI score0.00227EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/09 8:43 a.m.53 views

CVE-2023-44232

CVE-2023-44232 is a CSRF vulnerability in the WordPress WP Hide Pages plugin (versions up to 1.0). The PatchStack entry notes unauthenticated exploit capability and that no patch is available to fix this vulnerability; the WP Hide Pages pages remain unpatched. No concrete remediation is provided ...

8.8CVSS6.5AI score0.00227EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/09 12:0 a.m.5 views

PT-2023-29157 · Huseyin Berberoglu · Wp Hide Pages

Name of the Vulnerable Software and Affected Versions: Huseyin Berberoglu WP Hide Pages plugin version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...

8.8CVSS8.6AI score0.00227EPSS
Exploits0References6
Patchstack
Patchstack
added 2023/09/04 12:0 a.m.8 views

WordPress Legal Pages Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Legal Pages Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46f7055dfcca Credits István Márton Required...

6AI score0.00113EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2023/08/11 12:0 a.m.12 views

Online Security Guards Hiring System SQL Injection Vulnerability

WordPress WP Shopping Pages plugin cross-site scripting vulnerability...

9.8CVSS6.2AI score0.01134EPSS
Exploits1References1
CVE
CVE
added 2023/08/10 9:6 a.m.51 views

CVE-2023-23826

CVE-2023-23826 corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Add Posts to Pages, affected

6.5CVSS5.5AI score0.00358EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/08/07 12:0 a.m.5 views

WordPress plugin WP Shopping Pages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.8CVSS5.9AI score0.00327EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.5 views

Online Security Guards Hiring System SQL注入漏洞

WordPress WP Shopping Pages plugin cross-site scripting vulnerability...

9.8CVSS6.2AI score0.01134EPSS
Exploits1References5
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.10 views

WordPress Mobile Pages Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Mobile Pages Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7dbee75ebab7 Credits Rafie Muhammad Patchstack Required...

6.2AI score0.00284EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/05/31 4:15 a.m.3 views

CVE-2023-2434

The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...

3.8CVSS6.7AI score0.00668EPSS
Exploits0References4
NVD
NVD
added 2023/03/06 12:15 a.m.23 views

CVE-2015-10090

A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to...

6.1CVSS4.5AI score0.00673EPSS
Exploits0References4
Prion
Prion
added 2023/03/06 12:15 a.m.18 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to...

5.8CVSS6.4AI score0.00673EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/03/05 11:31 p.m.42 views

CVE-2015-10090

CVE-2015-10090 – Landing Pages Plugin (WordPress) is affected up to version 1.8.7. The vulnerability is described as a cross-site scripting flaw in unknown functionality that can be exploited remotely. The root cause and affected component are not explicitly detailed in the provided sources, but ...

6.1CVSS4.4AI score0.00673EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder