Lucene search
K

81 matches found

NVD
NVD
added 2024/12/16 4:15 p.m.21 views

CVE-2024-54285

Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10...

9.1CVSS0.00494EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 12:15 p.m.22 views

CVE-2024-8750

Cross-site Scripting XSS vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters id,lang,mNavID,name,pID,treeNode,type,view...

6.1CVSS0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.7 views

PT-2024-31626 · Unknown · Advanced Custom Fields Pro

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields versions 6.3.5 and earlier Advanced Custom Fields Pro versions 6.3.5 and earlier Description: A cross-site scripting issue exists, allowing an attacker with the capability setting privilege to store an arbitrary script ...

6.1CVSS6.6AI score0.00395EPSS
Exploits0References9
OSV
OSV
added 2024/06/07 10:15 a.m.6 views

CVE-2024-5426

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.32 views

CVE-2024-2324 FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

4.4CVSS4.6AI score0.0032EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.55 views

CVE-2024-2324

CVE-2024-2324 affects the FileOrganizer – Manage WordPress and Website Files WordPress plugin. It is vulnerable to stored cross-site scripting via SVG file uploads in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping. Exploitation requires authentication. The...

5.4CVSS5.8AI score0.0032EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.14 views

CVE-2024-2324

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers t...

4.4CVSS5.9AI score0.0032EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

FileOrganizer and FileOrganizer Pro < 1.0.7 - Authenticated Stored Cross-Site Scripting

Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS6AI score0.0032EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/13 4:15 p.m.25 views

CVE-2023-6825

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

9.9CVSS9.1AI score0.06009EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/13 3:27 p.m.54 views

CVE-2023-6825 File Manager And File Manager Pro (Multiple Versions) - Directory Traversal

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

9.9CVSS9.1AI score0.06009EPSS
Exploits0References3
OSV
OSV
added 2024/01/11 9:15 a.m.4 views

CVE-2023-6632

The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 versions up to 2.9.1.1 in Happy Addons for Elementor Pro due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS7.4AI score0.00544EPSS
Exploits0References3
NVD
NVD
added 2024/01/10 3:15 p.m.25 views

CVE-2023-6158

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...

6.5CVSS6.6AI score0.00566EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/21 5:5 a.m.2 views

WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

Overview WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability CWE-79. Ryotaro Imamura of SB Technology Corp. and Satoo Nakano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.4CVSS6.1AI score0.0148EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/10/21 12:0 a.m.2 views

Emlog 代码问题漏洞

Emlog is a PHP and MySQL based CMS website builder by the individual developers of Emlog. A code issue vulnerability exists in Emlog Pro version 1.6.0 that stems from a remote code execution issue...

7.2CVSS7.9AI score0.01438EPSS
Exploits1References2
wpexploit
wpexploit
added 2022/06/14 12:0 a.m.114 views

Easy Testimonials < 3.9 - Reflected Cross-Site Scripting

The plugin, when used along the Pro version, does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting With the pro version installed and when consent hasn't been given yet:...

7.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2022/06/14 12:0 a.m.8 views

Easy Testimonials < 3.9 - Reflected Cross-Site Scripting

The plugin, when used along the Pro version, does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting PoC With the pro version installed and when consent hasn't been given yet:...

1.6AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.4 views

Emlog 跨站脚本漏洞

Emlog is a PHP and MySQL based CMS website building system. A security vulnerability exists in Emlog Pro version 1.2.2 and earlier, which can be exploited by a registered and logged-in attacker to launch cross-site scripting attacks...

5.4CVSS5.2AI score0.00558EPSS
Exploits0References3
OSV
OSV
added 2022/04/12 9:15 a.m.5 views

CVE-2022-23450

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the...

9.8CVSS6.2AI score0.35758EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/14 12:0 a.m.5 views

Qnap Qvr缓冲区错误漏洞

Qnap Qvr is a Qnap monitoring system control center from China Welllink Technology Qnap, Inc. A buffer overflow vulnerability exists in several QVR products, which stems from a stack buffer overflow vulnerability that affects QNAP devices running QVR Elite, QVR Pro, and QVR Guard. An attacker cou...

9.8CVSS6.4AI score0.01296EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/01/13 12:0 a.m.5 views

Qnap Qvr缓冲区错误漏洞

Qnap Qvr is a Qnap monitoring system control center from China Welllink Technology Qnap, Inc. A security vulnerability exists in several QVR products, stemming from a stack buffer overflow vulnerability that affects QNAP devices running QVR Elite, QVR Pro, and QVR Guard. An attacker could exploit...

9.8CVSS6.4AI score0.01296EPSS
Exploits0References3
Rows per page
Query Builder