
6265 matches found

OSV
added 2024/10/15 2:15 a.m. · 5 views

CVE-2024-6757

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the getimagealt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

4.3 CVSS · 5.8 AI score · 0.0039 EPSS
Exploits 0 · References 2

Circl
added 2024/10/14 7:10 p.m. · 6 views

CVE-2024-6763

creationtimestamp | type | source
---|---|---
2024-10-14 19:10:56+00:00 | seen | https://t.me/cvedetector/7821
2025-09-30 01:31:24+00:00 | seen | https://bsky.app/profile/gcpweekly.bsky.social/post/3lzzeuwaoi422
2025-09-30 01:31:29+00:00 | seen | ...

5.3 CVSS · 6.1 AI score · 0.00986 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/10/14 12:0 a.m. · 5 views

PT-2024-37853 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to, and including, 3.23.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract either excerpt data or titles of private or...

4.3 CVSS · 6.9 AI score · 0.0039 EPSS
Exploits 0 · References 8

CVE
added 2024/10/12 5:39 a.m. · 48 views

CVE-2024-9824

The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...

4.3 CVSS · 4.8 AI score · 0.00322 EPSS
Exploits 0 · References 4

Circl
added 2024/10/10 3:55 p.m. · 11 views

CVE-2024-35202

creationtimestamp | type | source
---|---|---
2024-10-10 15:55:20+00:00 | seen | https://t.me/cvedetector/7600
2025-03-07 16:09:50+00:00 | seen | https://bsky.app/profile/dergoegge.bsky.social/post/3ljsfgydzm22p
2025-03-07 16:09:50+00:00 | seen | ...

7.5 CVSS · 4.8 AI score · 0.009 EPSS
Exploits 0 · References 4

Circl
added 2024/10/09 7:0 p.m. · 11 views

CVE-2024-25825

creationtimestamp | type | source
---|---|---
2024-10-09 19:00:04+00:00 | seen | https://t.me/cvedetector/7499
2025-07-30 06:30:15+00:00 | seen | https://bsky.app/profile/cscr-bot.bsky.social/post/3lv5yo7ntur27
2025-07-30 07:17:55+00:00 | seen | ...

9.8 CVSS · 4.8 AI score · 0.00518 EPSS
Exploits 0 · References 3

Patchstack
added 2024/10/09 9:10 a.m. · 4 views

WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups (FPMCG) versions <= 4.0...

7.1 CVSS · 6.1 AI score · 0.00245 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2024/10/09 9:9 a.m. · 5 views

WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups (FPMCG) versions <= 4.0...

6.5 CVSS · 7 AI score · 0.00195 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2024/10/09 9:3 a.m. · 5 views

WordPress SB Random Posts Widget plugin <= 1.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SB Random Posts Widget versions <= 1.0...

7.5 CVSS · 7 AI score · 0.00544 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2024/10/09 12:0 a.m. · 20 views

WordPress SB Random Posts Widget Plugin <= 1.0 is vulnerable to Local File Inclusion

Software: SB Random Posts Widget; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: 1.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-48029; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: 4e7fd324ea44; Credits: João Pedro S Alcântara Kinorth; Required...

7.5 CVSS · 7.8 AI score · 0.00544 EPSS
Exploits 0 · References 2 · Affected Software 1

Circl
added 2024/10/08 5:54 p.m. · 14 views

CVE-2024-43468

creationtimestamp | type | source
---|---|---
2024-10-08 17:54:47+00:00 | seen | https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review
2024-10-09 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1390
2024-10-09 10:21:15+00:00 | seen | ...

9.8 CVSS · 7.5 AI score · 0.60661 EPSS
Exploits 3 · References 38

Patchstack
added 2024/10/08 5:32 p.m. · 5 views

WordPress Smart Post Show plugin <= 3.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color vulnerability

Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Post Grid, Post Carousel, & List Category Posts – by Smart Post Show versions <= 3.0.0...

4.8 CVSS · 5.8 AI score · 0.00255 EPSS
Exploits 1 · References 1 · Affected Software 1

NVD
added 2024/10/06 1:15 p.m. · 15 views

CVE-2024-44036

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through <= 2.5.0...

5.9 CVSS · 0.00251 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/10/06 12:14 p.m. · 18 views

CVE-2024-44036 WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through <= 2.5.0...

5.9 CVSS · 5.2 AI score · 0.00251 EPSS
Exploits 0 · References 1

CVE
added 2024/10/06 12:14 p.m. · 47 views

CVE-2024-44036

CVE-2024-44036 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Kodex Posts likes (versions

5.9 CVSS · 5.9 AI score · 0.00251 EPSS
Exploits 0 · References 1

Cvelist
added 2024/10/06 12:14 p.m. · 20 views

CVE-2024-44036 WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through <= 2.5.0...

5.9 CVSS · 0.00251 EPSS
Exploits 0 · References 1

OSV
added 2024/10/04 5:15 a.m. · 3 views

CVE-2024-9445

The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 5.9 AI score · 0.00288 EPSS
Exploits 0 · References 3

CVE
added 2024/10/04 2:4 a.m. · 45 views

CVE-2024-9445

CVE-2024-9445 refers to a Stored Cross-Site Scripting flaw in the WordPress plugin Display Medium Posts (versions

6.4 CVSS · 5.6 AI score · 0.00288 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/10/04 2:4 a.m. · 11 views

CVE-2024-9445 Display Medium Posts <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode

The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 0.00288 EPSS
Exploits 0 · References 3

Patchstack
added 2024/10/04 1:15 a.m. · 4 views

WordPress Display Medium Posts plugin <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode vulnerability discovered by theviper17y in WordPress Plugin Display Medium Posts versions <= 5.0.1...

6.4 CVSS · 5.8 AI score · 0.00288 EPSS
Exploits 0 · References 1 · Affected Software 1