Lucene search
K

6276 matches found

Circl
Circl
added 2025/12/23 10:22 a.m.5 views

CVE-2025-12934

creationtimestamp| type| source ---|---|--- 2025-12-23 10:22:59+00:00| seen| https://gist.github.com/Darkcrai86/1223d292ad34425b948187905ab30ba2 2025-12-23 10:45:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mankyyzeot2p 2025-12-23 11:32:42+00:00| seen|...

8.1CVSS5.8AI score0.00351EPSS
Exploits0References3
Circl
Circl
added 2025/12/23 10:3 a.m.5 views

CVE-2025-14388

creationtimestamp| type| source ---|---|--- 2025-12-23 10:03:44+00:00| seen| https://infosec.exchange/users/offseq/statuses/115768309982804801 2025-12-23 10:03:45+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3manioeubcv2z 2025-12-23 10:22:18+00:00| seen|...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/12/23 9:20 a.m.4 views

CVE-2025-12934 Beaver Builder – WordPress Page Builder <= 2.9.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'duplicatewpmllayout' function in all versions up to, and including, 2.9.4.1. This makes it possible for authenticated attackers,...

8.1CVSS4.8AI score0.00351EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.7 views

PT-2025-52748

Name of the Vulnerable Software and Affected Versions Responsive Posts Carousel Pro versions through 15.2 Description An issue exists in WebCodingPlace Responsive Posts Carousel Pro that allows for Stored Cross-site Scripting XSS. This occurs due to improper neutralization of input during web pag...

6.5CVSS6.1AI score0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/23 12:0 a.m.4 views

WordPress plugin Responsive Posts Carousel Pro 跨站脚本漏洞

...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References2
Circl
Circl
added 2025/12/22 11:45 p.m.8 views

CVE-2023-53981

creationtimestamp| type| source ---|---|--- 2025-12-22 23:45:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mamg3vdpcl2b 2025-12-22 23:46:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mamg7cgt262x...

8.6CVSS5.8AI score0.00796EPSS
Exploits1References2
Circl
Circl
added 2025/12/22 9:5 a.m.4 views

CVE-2025-11543

creationtimestamp| type| source ---|---|--- 2025-12-22 09:05:37+00:00| seen| https://infosec.exchange/users/offseq/statuses/115762419200846171 2025-12-22 09:05:51+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3makuxkek6e2n 2025-12-22 09:21:46+00:00| seen|...

9.8CVSS4.8AI score0.00171EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/22 7:21 a.m.5 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

8.8CVSS8.6AI score0.00969EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/22 2:35 a.m.6 views

CVE-2025-14071

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS7AI score0.0056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/22 2:35 a.m.5 views

CVE-2025-14080

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2025/12/21 3:15 a.m.10 views

CVE-2025-14080

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsmlformprocess AJAX action. This makes it possible for...

5.3CVSS0.0024EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/21 2:20 a.m.21 views

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS0.0056EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/21 2:20 a.m.4 views

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References5
CVE
CVE
added 2025/12/21 2:20 a.m.15 views

CVE-2025-14080

CVE-2025-14080 concerns the WordPress plugin Frontend Post Submission Manager Lite. The vulnerability is due to missing authorization on the fpsml_form_process AJAX action, allowing unauthenticated attackers to modify arbitrary posts by supplying a post_id via the guest posting form. Reported imp...

5.3CVSS5.7AI score0.0024EPSS
Exploits0References4
Circl
Circl
added 2025/12/20 2:1 a.m.4 views

CVE-2025-14178

creationtimestamp| type| source ---|---|--- 2025-12-20 02:01:22+00:00| seen| https://bsky.app/profile/slackers.it/post/3maf4czwhdn26 2025-12-20 02:01:33+00:00| seen| https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l 2025-12-21 11:53:36+00:00| seen|...

8.2CVSS6.6AI score0.00428EPSS
Exploits1References10
Circl
Circl
added 2025/12/20 2:1 a.m.4 views

CVE-2025-14177

creationtimestamp| type| source ---|---|--- 2025-12-20 02:01:22+00:00| seen| https://bsky.app/profile/slackers.it/post/3maf4czwhdn26 2025-12-20 02:01:34+00:00| seen| https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l 2025-12-21 11:53:36+00:00| seen|...

7.5CVSS7.1AI score0.00474EPSS
Exploits3References10
Vulnrichment
Vulnrichment
added 2025/12/19 9:5 p.m.4 views

CVE-2023-53952 Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

8.8CVSS8.3AI score0.00969EPSS
Exploits1References3
CVE
CVE
added 2025/12/19 9:5 p.m.9 views

CVE-2023-53952

CVE-2023-53952 affects Dotclear 2.25.3, which contains a remote code execution vulnerability exploitable by authenticated attackers through the blog post creation interface. The issue arises from allowing uploads of PHP files with a .phar extension; such uploaded files can execute PHP system comm...

8.8CVSS8.3AI score0.00969EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/12/19 9:15 a.m.5 views

CVE-2025-11747

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the colibriblogposts shortcode in all versions up to, and including, 1.0.345 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00275EPSS
Exploits0References3
CVE
CVE
added 2025/12/19 8:23 a.m.16 views

CVE-2025-11747

CVE-2025-11747 affects the Colibri Page Builder WordPress plugin. The Wordfence report documents a stored cross-site scripting vulnerability in the colibri_blog_posts shortcode caused by insufficient input sanitization and lack of proper output escaping, affecting all versions up to and including...

6.4CVSS4.6AI score0.00275EPSS
Exploits0References3
Rows per page
Query Builder