Lucene search
K

105 matches found

Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.8 views

PT-2024-27421 · Unknown · Permalink Manager Lite

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite versions 2.4.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...

7.1CVSS6.5AI score0.00308EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/27 10:14 a.m.6 views

WordPress Permalink Manager Lite plugin <= 2.4.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Permalink Manager Lite versions = 2.4.3.3...

7.1CVSS6.1AI score0.00308EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/27 12:0 a.m.14 views

WordPress Permalink Manager Lite Plugin <= 2.4.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.3 Fixed in 2.4.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37257 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e3ec5eb6c45f Credits Rafie Muhammad...

7.1CVSS6.8AI score0.00308EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/04/09 7:15 p.m.6 views

CVE-2024-2738

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

6.1CVSS6AI score0.00604EPSS
Exploits0References4
NVD
NVD
added 2024/04/09 7:15 p.m.26 views

CVE-2024-2738

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

6.1CVSS6.1AI score0.00604EPSS
Exploits0References4
NVD
NVD
added 2024/04/09 7:15 p.m.21 views

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

4.3CVSS4.4AI score0.00623EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/04/09 6:58 p.m.21 views

CVE-2024-2543 Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

4.3CVSS4.7AI score0.00623EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/04/09 6:58 p.m.13 views

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

4.3CVSS6.7AI score0.00623EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/04/09 6:58 p.m.30 views

CVE-2024-2738 Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

6.1CVSS6.2AI score0.00604EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.13 views

WordPress Plugin Permalink Manager Lite and Permalink Manager Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.1CVSS7.8AI score0.00604EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.11 views

PT-2024-21867 · WordPress · Permalink Manager Lite +1

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite and Pro plugins for WordPress versions up to, and including, 2.4.3.1 Description: The issue is related to Reflected Cross-Site Scripting via the s parameter in multiple instances due to insufficient input sanitization a...

6.1CVSS8.7AI score0.00604EPSS
Exploits0References11
Patchstack
Patchstack
added 2024/03/21 12:0 a.m.16 views

WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2738 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8f6892729531 Credits Muhamma...

6.1CVSS5.9AI score0.00604EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/03/20 6:15 a.m.21 views

CVE-2024-2538

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

5.4CVSS5.2AI score0.00568EPSS
Exploits1References3
OSV
OSV
added 2024/03/20 6:15 a.m.5 views

CVE-2024-2538

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

4.3CVSS7.4AI score0.00568EPSS
Exploits1References3
CVE
CVE
added 2024/03/20 5:32 a.m.58 views

CVE-2024-2538

CVE-2024-2538 impacts Permalink Manager Lite for WordPress. The issue stems from a missing capability check in the ajax_save_permalink path, allowing authenticated users with author access or higher to modify permalinks of arbitrary posts. Affected versions are all up to and including 2.4.3.1. Pu...

5.4CVSS6.1AI score0.00568EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/20 5:32 a.m.11 views

CVE-2024-2538 Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

5.4CVSS7.4AI score0.00568EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/03/20 5:32 a.m.26 views

CVE-2024-2538 Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

5.4CVSS5.5AI score0.00568EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/03/20 12:0 a.m.4 views

WordPress Plugin Permalink Manager Lite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.7AI score0.00568EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.19 views

Permalink Manager Lite < 2.4.3.1 - Reflected Cross-Site Scripting

Description The Permalink Manager Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00398EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/19 5:15 p.m.5 views

CVE-2024-29092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3...

6.1CVSS7.3AI score0.00398EPSS
Exploits0References1
Rows per page
Query Builder