Lucene search
K

6276 matches found

Circl
Circl
added 2025/01/08 1:9 a.m.10 views

CVE-2024-50603

creationtimestamp| type| source ---|---|--- 2025-01-08 01:09:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113790061901237352 2025-01-08 01:15:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6yghkmun2f 2025-01-08 01:37:28+00:00| seen|...

10CVSS7.6AI score0.98545EPSS
In wildExploits5References64
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.8 views

PT-2025-1900 · WordPress · The 140+ Widgets | Xpro Addons For Elementor

Name of the Vulnerable Software and Affected Versions: 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.6.2 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data...

6.5CVSS7.2AI score0.00349EPSS
Exploits0References8
Circl
Circl
added 2025/01/07 9:1 p.m.24 views

CVE-2024-11635

creationtimestamp| type| source ---|---|--- 2025-01-07 21:01:36+00:00| seen| https://bsky.app/profile/abrahack.bsky.social/post/3lf6kaflqkk2d 2025-01-08 07:20:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113791523823209673 2025-01-08 07:38:26+00:00| published-proof-of-concept|...

9.8CVSS7.8AI score0.01449EPSS
Exploits1References12
Circl
Circl
added 2025/01/07 9:1 p.m.9 views

CVE-2024-9939

creationtimestamp| type| source ---|---|--- 2025-01-07 21:01:04+00:00| seen| https://bsky.app/profile/abrahack.bsky.social/post/3lf6k7fj6x22d 2025-01-08 08:34:48+00:00| seen| https://infosec.exchange/users/cve/statuses/113791814054818001 2025-01-08 09:12:49+00:00| published-proof-of-concept|...

7.5CVSS7.8AI score0.01016EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/01/07 6:48 p.m.4 views

WordPress SureForms plugin <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability

Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability discovered by Lucio Sá in WordPress Plugin SureForms versions = 1.2.2...

5.3CVSS7AI score0.00331EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/01/07 12:38 p.m.10 views

CVE-2024-53705

creationtimestamp| type| source ---|---|--- 2025-01-07 12:38:58+00:00| seen| https://vulnerability.circl.lu/bundle/602ffeaf-2425-48cc-967c-0efad9629dd0 2025-01-07 20:37:08+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113788992074892039 2025-01-08 08:57:24+00:00| seen|...

7.5CVSS7.2AI score0.00711EPSS
Exploits0References11
Patchstack
Patchstack
added 2025/01/07 9:57 a.m.6 views

WordPress Category Posts Widget plugin < 4.9.18 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.18...

4.8CVSS6.1AI score0.00354EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/01/07 7:15 a.m.3 views

CVE-2024-11282

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that...

7.5CVSS7.3AI score0.0039EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/07 6:54 a.m.5 views

WordPress Same but Different – Related Posts by Taxonomy plugin <= 1.0.16 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Same but Different – Related Posts by Taxonomy versions = 1.0.16...

6.1CVSS6.3AI score0.00341EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/07 6:15 a.m.3 views

CVE-2024-9638

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00354EPSS
Exploits1References1
NVD
NVD
added 2025/01/07 6:15 a.m.9 views

CVE-2024-9638

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00354EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/07 6:0 a.m.16 views

CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00354EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/07 6:0 a.m.10 views

CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00354EPSS
Exploits1References1
CVE
CVE
added 2025/01/07 6:0 a.m.49 views

CVE-2024-9638

CVE-2024-9638 affects Category Posts Widget for WordPress (Category Posts Widget) up to version 4.9.17. The issue is improper sanitization/escaping of widget settings, enabling stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (e.g., multisite). The root cau...

4.8CVSS5.4AI score0.00354EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/07 4:21 a.m.45 views

CVE-2024-12288

The CVE-2024-12288 entry concerns the WordPress plugin Simple add pages or posts. Connected Red Hat advisory RH:CVE-2024-12288 confirms a Cross-Site Request Forgery vulnerability in this plugin, arising from missing nonce validation, enabling unauthenticated attackers to update settings and injec...

6.1CVSS6AI score0.0019EPSS
Exploits0References3
Circl
Circl
added 2025/01/07 4:9 a.m.7 views

CVE-2024-43096

creationtimestamp| type| source ---|---|--- 2025-01-07 04:09:13+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lf4ro76fzm2x 2025-01-07 06:46:18+00:00| seen| https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lf52h3ciws26 2025-01-07 09:47:29+00:00| seen|...

8.8CVSS4.8AI score0.00183EPSS
Exploits0References10
Circl
Circl
added 2025/01/07 3:1 a.m.13 views

CVE-2025-22395

creationtimestamp| type| source ---|---|--- 2025-01-07 03:01:49+00:00| seen| https://infosec.exchange/users/cve/statuses/113784842334985507 2025-01-07 03:15:24+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4onxu4em2c 2025-01-07 03:38:00+00:00| seen|...

8.2CVSS4.8AI score0.00194EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/01/07 12:0 a.m.5 views

WordPress plugin Member Access 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

5.3CVSS8AI score0.00439EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.5 views

PT-2025-1645 · WordPress · Same But Different – Related Posts By Taxonomy

Name of the Vulnerable Software and Affected Versions: Same but Different – Related Posts by Taxonomy plugin for WordPress versions up to, and including, 1.0.16 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without...

6.1CVSS6.7AI score0.00341EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.4 views

PT-2025-3730 · WordPress · Category Posts Widget

Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.18 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS8AI score0.00354EPSS
Exploits1References4
Rows per page
Query Builder