Lucene search
K

103 matches found

CNNVD
CNNVD
added 2024/12/16 12:0 a.m.4 views

WordPress plugin Portfolio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.7AI score0.00309EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/14 4:23 a.m.10 views

CVE-2024-11867 Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.8AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/14 4:23 a.m.20 views

CVE-2024-11867 Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00293EPSS
Exploits0References2
OSV
OSV
added 2024/12/13 4:15 a.m.4 views

CVE-2019-25221

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

4.9CVSS5.8AI score0.00471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/12 5:24 a.m.12 views

CVE-2024-11765 WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsportfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization a...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 5:24 a.m.16 views

CVE-2024-11765 WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsportfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization a...

6.4CVSS0.00352EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.5 views

WordPress plugin Portfolio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.9AI score0.00352EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.5 views

WordPress plugin Responsive Filterable Portfolio 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

4.4CVSS8.3AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.10 views

PT-2024-34911 · Unknown · I Thirteen Web Solution Responsive Filterable Portfolio

Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution Responsive Filterable Portfolio versions 1.0.0 through 1.0.22 Description: The issue is a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to perform Server Side Request Forgery. This can...

4.4CVSS6.9AI score0.00233EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.16 views

WordPress Responsive Filterable Portfolio Plugin <= 1.0.22 is vulnerable to Server Side Request Forgery (SSRF)

Software Responsive Filterable Portfolio Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-51785 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID...

4.4CVSS6.6AI score0.00233EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/16 12:0 a.m.17 views

WordPress Phlox Portfolio Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Phlox Portfolio Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3587 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2481f1e17cc6 Credits wesley wcraft Required...

6.4CVSS5.8AI score0.00377EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/04/29 12:0 a.m.6 views

WordPress plugin Portfolio 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.5CVSS6.2AI score0.00351EPSS
Exploits0References2
NVD
NVD
added 2023/12/26 3:15 p.m.21 views

CVE-2014-125109

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...

6.1CVSS0.00401EPSS
Exploits0References3
Prion
Prion
added 2023/12/26 3:15 p.m.16 views

Cross site scripting

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...

5.8CVSS6.4AI score0.00401EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/12/26 3:0 p.m.49 views

CVE-2014-125109

The CVE-2014-125109 entry concerns the BestWebSoft Portfolio Plugin (WordPress) up to version 2.27, specifically the function bws_add_menu_render in bws_menu/bws_menu.php. The vulnerability arises from manipulation of the bwsmn_form_email argument, enabling cross-site scripting (XSS). Exploitatio...

6.1CVSS4.8AI score0.00401EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/26 3:0 p.m.26 views

CVE-2014-125109 BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...

4CVSS6AI score0.00401EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/12/26 3:0 p.m.23 views

CVE-2014-125109

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...

6.1CVSS6.6AI score0.00401EPSS
Exploits0References3
NVD
NVD
added 2023/12/26 10:15 a.m.14 views

CVE-2012-10017

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to addres...

8.8CVSS0.00352EPSS
Exploits0References3
Prion
Prion
added 2023/12/26 10:15 a.m.15 views

Cross site request forgery (csrf)

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to addres...

6.8CVSS7.3AI score0.00352EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/26 10:0 a.m.9 views

CVE-2012-10017 BestWebSoft Portfolio Plugin cross-site request forgery

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to addres...

5CVSS6.8AI score0.00352EPSS
Exploits0References3
Rows per page
Query Builder