Lucene search
K

74 matches found

Patchstack
Patchstack
added 2025/02/11 10:6 p.m.7 views

WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation vulnerability

Missing Authorization to Unauthenticated Post Order Manipulation vulnerability discovered by incognito in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.13...

5.3CVSS7AI score0.00301EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 3:50 a.m.12 views

CVE-2024-27196

Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...

7.1CVSS8.4AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 12:15 p.m.3 views

CVE-2024-49321

Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through 2.5.7...

4.3CVSS5.8AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 12:15 p.m.15 views

CVE-2024-49321

Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...

4.3CVSS0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/21 11:11 a.m.15 views

CVE-2024-49321 WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...

4.3CVSS5.1AI score0.00319EPSS
Exploits0References1
CVE
CVE
added 2024/10/21 11:11 a.m.106 views

CVE-2024-49321

CVE-2024-49321 concerns Colorlib Simple Custom Post Order (WordPress plugin) with a Missing Authorization vulnerability in versions 2.5.7 and earlier. The issue allows broken access control at the plugin level, enabling unauthorized access due to incorrectly configured security levels (privileges...

4.3CVSS5.9AI score0.00319EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/21 12:0 a.m.4 views

PT-2024-33462 · Colorlib · Colorlib Simple Custom Post Order

Name of the Vulnerable Software and Affected Versions: Colorlib Simple Custom Post Order versions 2.5.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...

4.3CVSS7.2AI score0.00319EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/10/15 1:32 p.m.4 views

WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Simple Custom Post Order versions = 2.5.7...

4.3CVSS7AI score0.00319EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.18 views

WordPress Simple Custom Post Order Plugin <= 2.5.7 is vulnerable to Broken Access Control

Software Simple Custom Post Order Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49321 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c22de4a69ef Credits Rafie Muhammad...

4.3CVSS6.9AI score0.00319EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/15 1:15 p.m.19 views

CVE-2024-27196

Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...

7.1CVSS6.5AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2024/03/15 1:15 p.m.3 views

CVE-2024-27196

Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...

6.1CVSS7.3AI score0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/15 12:47 p.m.16 views

CVE-2024-27196 WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2024/03/15 12:47 p.m.66 views

CVE-2024-27196

CVE-2024-27196 affects the WordPress plugin postMash – custom post order (versions up to and including 1.2.0). Public docs describe a Reflected XSS vulnerability in that plugin. Core details in connected sources specify affected product/version and the nature of the vulnerability (Reflected XSS);...

7.1CVSS8.3AI score0.00351EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.3 views

PT-2024-21732 · WordPress · Postmash

Name of the Vulnerable Software and Affected Versions: postMash – custom post order versions 1.2.0 and earlier Description: The issue is a Cross Site Scripting XSS vulnerability, specifically a Reflected XSS, in the postMash – custom post order plugin. This type of vulnerability allows an attacke...

7.1CVSS8.6AI score0.00351EPSS
Exploits0References7
OSV
OSV
added 2024/02/28 1:15 p.m.2 views

CVE-2024-25927

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...

9.8CVSS7.3AI score0.00565EPSS
Exploits0References1
Prion
Prion
added 2024/02/28 1:15 p.m.28 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...

6.4CVSS9.6AI score0.00565EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/28 12:47 p.m.14 views

CVE-2024-25927 WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...

9.3CVSS7.6AI score0.00565EPSS
Exploits0References1
CVE
CVE
added 2024/02/28 12:47 p.m.106 views

CVE-2024-25927

CVE-2024-25927 refers to a SQL Injection vulnerability in the WordPress plugin postMash – custom post order, affecting versions up to and including 1.2.0. The issue arises from improper neutralization of elements in SQL commands (SQLi). The available connected documents confirm it is exploitable ...

9.8CVSS8.9AI score0.00565EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.3 views

WordPress Plugin postMash - custom post order SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin postMash - custom post order A SQL...

9.8CVSS8AI score0.00565EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.4 views

PT-2024-21220 · Postmash · Postmash

Name of the Vulnerable Software and Affected Versions: postMash – custom post order versions 1.2.0 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability affects the...

9.8CVSS9.3AI score0.00565EPSS
Exploits0References6
Rows per page
Query Builder