CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

OSV•added 2024/08/24 2:15 a.m.•2 views

CVE-2024-7568

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the outputsubadminpage0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on...

8.1CVSS5.7AI score0.00432EPSS

Exploits0References2

OSV•added 2022/02/04 11:15 p.m.•2 views

CVE-2021-44779

Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...

9.8CVSS5.8AI score

Exploits0References2

NVD•added 2022/02/04 11:15 p.m.•12 views

CVE-2021-44779

Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...

9.8CVSS0.00455EPSS

Exploits0References2

Patchstack•added 2021/05/07 12:0 a.m.•11 views

WordPress UltimateWoo plugin <= 0.1.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by WPScan Team in WordPress UltimateWoo plugin versions = 0.1.10. Solution This plugin has been closed and is no longer available for download...

3.1AI score

Exploits0References2Affected Software1

OSV•added 2021/05/06 1:15 p.m.•1 views

CVE-2021-24247

The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user...

5.4CVSS5.8AI score

Exploits0References1

Patchstack•added 2019/01/15 12:0 a.m.•11 views

WordPress Easy Redirect Manager plugin 2.18.18 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by LS Team in WordPress Easy Redirect Manager plugin version 2.18.18. Solution 26 January 2019 - we were unable to find a patched version of this plugin. WordPress plugin repository message: "This plugin was closed on January 14, 2019 and is no longer...

6.1CVSS1.8AI score0.00245EPSS

Exploits1References1Affected Software1

Packet Storm•added 2014/12/14 12:0 a.m.•51 views

WordPress yURL ReTwitt WP 1.4 CSRF / XSS

Title: CSRF/XSS Vulnerability in yURL ReTwitt WP Plugin Author: Manideep K CVE-ID: CVE-2014-9341 Plugin Homepage: https://wordpress.org/plugins/yurl-retwitt/ Version Affected: 1.4 probably lower versions Severity: High About Plugin: This plugin will allow your readers to publish a RT Re-Twitt on...

6.8CVSS6.7AI score0.00095EPSS

Exploits2

Packet Storm•added 2014/12/14 12:0 a.m.•44 views

WordPress wpCommentTwit 0.5 CSRF / XSS

Title: CSRF/XSS Vulnerability in wpCommentTwit WP Plugin Author: Manideep K CVE-ID: CVE-2014-9340 Plugin Homepage: https://wordpress.org/plugins/wpcommenttwit/ Version Affected: 0.5 probably lower versions Severity: High About Plugin: wpCommentTwit is a plugin that will notify you of a new commen...

6.8CVSS6.7AI score0.00095EPSS

Exploits2