Lucene search
K

6276 matches found

Cvelist
Cvelist
added 2024/12/16 2:13 p.m.14 views

CVE-2024-54427 WordPress Category of Posts plugin <= 1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in ljmacphee Category of Posts list-one-category-of-posts allows Stored XSS.This issue affects Category of Posts: from n/a through = 1.0...

7.1CVSS0.00202EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/16 11:33 a.m.6 views

WordPress TPG Get Posts plugin <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin TPG Get Posts versions = 3.6.5...

6.4CVSS5.7AI score0.0033EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.5 views

PT-2024-36316 · Unknown · Linda Macphee-Cobb Category Of Posts

Name of the Vulnerable Software and Affected Versions: Linda MacPhee-Cobb Category of Posts versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on...

7.1CVSS6.9AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.5 views

PT-2024-36301 · Unknown · Display Future Posts

Name of the Vulnerable Software and Affected Versions: Display Future Posts versions n/a through 0.2.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

7.1CVSS6.8AI score0.00202EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.3 views

WordPress plugin Display Future Posts 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the...

7.1CVSS8.4AI score0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.4 views

WordPress plugin TPG Get Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.7AI score0.0033EPSS
Exploits0References4
CVE
CVE
added 2024/12/14 5:34 a.m.51 views

CVE-2024-10690

The CVE-2024-10690 entry corresponds to the WordPress plugin Shortcodes for Elementor (versions up to 1.0.4). The issue is an Information Exposure flaw in the SHORTCODE_ELEMENTOR endpoint caused by insufficient access restrictions, enabling authenticated attackers with Contributor-level access or...

4.3CVSS4.4AI score0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/14 5:34 a.m.11 views

CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/14 5:34 a.m.30 views

CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS0.00289EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/14 12:0 a.m.6 views

PT-2024-17596 · WordPress · Get Post Content Shortcode

Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...

4.3CVSS7AI score0.00295EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/14 12:0 a.m.5 views

PT-2024-16466 · WordPress +1 · Shortcodes For Elementor +1

Name of the Vulnerable Software and Affected Versions: Shortcodes for Elementor plugin for WordPress versions up to, and including, 1.0.4 RSTheme affected versions not specified Description: The issue is related to Information Exposure, where insufficient restrictions on which posts can be includ...

4.3CVSS7.2AI score0.00289EPSS
Exploits0References12
NVD
NVD
added 2024/12/13 3:15 p.m.19 views

CVE-2024-54311

Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through = 7.5.1...

5.4CVSS0.00476EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.6 views

CVE-2023-41849

Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0...

5.3CVSS0.0048EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:25 p.m.20 views

CVE-2024-54311 WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through = 7.5.1...

5.4CVSS0.00476EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:25 p.m.47 views

CVE-2024-54311

CVE-2024-54311 is a Missing Authorization vulnerability in the WordPress plugin Mark New Posts . The issue allows exploitation of access control to modify settings via the plugin’s save_options flow, affecting versions up to and including 7.5.1 . The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I...

5.4CVSS7.2AI score0.00476EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:24 p.m.37 views

CVE-2023-41849

The CVE-2023-41849 entry concerns the WordPress Posts Like Dislike plugin (

5.3CVSS5.1AI score0.0048EPSS
Exploits0References1
Circl
Circl
added 2024/12/13 9:30 a.m.9 views

CVE-2024-9290

creationtimestamp| type| source ---|---|--- 2024-12-13 09:30:14+00:00| seen| https://infosec.exchange/users/cve/statuses/113644811971420753 2024-12-13 12:25:39+00:00| seen| https://t.me/cvedetector/12853 2024-12-24 19:28:07+00:00| seen|...

9.8CVSS8.7AI score0.03549EPSS
Exploits2References6
CVE
CVE
added 2024/12/13 8:24 a.m.46 views

CVE-2024-12309

CVE-2024-12309 affects Rate My Post – Star Rating Plugin for WordPress (FeedbackWP). The vulnerability is an Insecure Direct Object Reference in get_post_status() due to missing validation on a user-controlled key, allowing unauthenticated voters to affect unpublished posts. The CVE entry notes v...

5.3CVSS5.2AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/13 8:24 a.m.22 views

CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00303EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/13 8:24 a.m.9 views

CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts

The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the getpoststatus due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to...

5.3CVSS6.8AI score0.00303EPSS
Exploits0References2
Rows per page
Query Builder