6276 matches found
CVE-2024-50603
creationtimestamp| type| source ---|---|--- 2025-01-08 01:09:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113790061901237352 2025-01-08 01:15:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6yghkmun2f 2025-01-08 01:37:28+00:00| seen|...
PT-2025-1900 · WordPress · The 140+ Widgets | Xpro Addons For Elementor
Name of the Vulnerable Software and Affected Versions: 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.6.2 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data...
CVE-2024-11635
creationtimestamp| type| source ---|---|--- 2025-01-07 21:01:36+00:00| seen| https://bsky.app/profile/abrahack.bsky.social/post/3lf6kaflqkk2d 2025-01-08 07:20:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113791523823209673 2025-01-08 07:38:26+00:00| published-proof-of-concept|...
CVE-2024-9939
creationtimestamp| type| source ---|---|--- 2025-01-07 21:01:04+00:00| seen| https://bsky.app/profile/abrahack.bsky.social/post/3lf6k7fj6x22d 2025-01-08 08:34:48+00:00| seen| https://infosec.exchange/users/cve/statuses/113791814054818001 2025-01-08 09:12:49+00:00| published-proof-of-concept|...
WordPress SureForms plugin <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability
Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability discovered by Lucio Sá in WordPress Plugin SureForms versions = 1.2.2...
CVE-2024-53705
creationtimestamp| type| source ---|---|--- 2025-01-07 12:38:58+00:00| seen| https://vulnerability.circl.lu/bundle/602ffeaf-2425-48cc-967c-0efad9629dd0 2025-01-07 20:37:08+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113788992074892039 2025-01-08 08:57:24+00:00| seen|...
WordPress Category Posts Widget plugin < 4.9.18 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.18...
CVE-2024-11282
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that...
WordPress Same but Different – Related Posts by Taxonomy plugin <= 1.0.16 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Same but Different – Related Posts by Taxonomy versions = 1.0.16...
CVE-2024-9638
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9638
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9638
CVE-2024-9638 affects Category Posts Widget for WordPress (Category Posts Widget) up to version 4.9.17. The issue is improper sanitization/escaping of widget settings, enabling stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (e.g., multisite). The root cau...
CVE-2024-12288
The CVE-2024-12288 entry concerns the WordPress plugin Simple add pages or posts. Connected Red Hat advisory RH:CVE-2024-12288 confirms a Cross-Site Request Forgery vulnerability in this plugin, arising from missing nonce validation, enabling unauthenticated attackers to update settings and injec...
CVE-2024-43096
creationtimestamp| type| source ---|---|--- 2025-01-07 04:09:13+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lf4ro76fzm2x 2025-01-07 06:46:18+00:00| seen| https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lf52h3ciws26 2025-01-07 09:47:29+00:00| seen|...
CVE-2025-22395
creationtimestamp| type| source ---|---|--- 2025-01-07 03:01:49+00:00| seen| https://infosec.exchange/users/cve/statuses/113784842334985507 2025-01-07 03:15:24+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4onxu4em2c 2025-01-07 03:38:00+00:00| seen|...
WordPress plugin Member Access 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
PT-2025-1645 · WordPress · Same But Different – Related Posts By Taxonomy
Name of the Vulnerable Software and Affected Versions: Same but Different – Related Posts by Taxonomy plugin for WordPress versions up to, and including, 1.0.16 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without...
PT-2025-3730 · WordPress · Category Posts Widget
Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.18 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...