Lucene search
K

453 matches found

CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

WordPress plugin reCaptcha by WebDesignBy 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

3.5CVSS5.7AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 7:45 a.m.3 views

CVE-2026-4133 TextP2P Texting Widget <= 1.7 - Cross-Site Request Forgery to Settings Update

The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage function which processes settings updates. The form at line 314 does not include a wpnoncefield,...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 11:45 p.m.16 views

GHSA-XFQJ-3VMX-63WV File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...

6.9CVSS6AI score0.00356EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/31 11:45 p.m.7 views

File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...

6.9CVSS6AI score0.00356EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.2 views

PT-2026-29427

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2 Description: File Browser versions prior to 2.62.2 are susceptible to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An administrator setting the branding.name field to a malicious...

6.9CVSS6AI score0.00356EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/02/18 7:25 a.m.5 views

CVE-2026-1860

The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...

4.3CVSS5.6AI score0.00289EPSS
Exploits0References6
CVE
CVE
added 2026/02/18 7:25 a.m.27 views

CVE-2026-1860

The Kali Forms WordPress plugin (versions

4.3CVSS5.6AI score0.00289EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:27 a.m.4 views

CVE-2026-1054

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...

5.3CVSS6AI score0.00232EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/28 7:27 a.m.5 views

EUVD-2026-4918

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...

5.3CVSS6AI score0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/28 7:27 a.m.2 views

CVE-2026-1054 RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rmsetotp AJAX action handler. This makes it possible for unauthenticated attackers to modify arbitrar...

5.3CVSS6AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.10 views

PT-2026-5078

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...

5.3CVSS6AI score0.00232EPSS
Exploits0References4
Snyk
Snyk
added 2026/01/21 3:59 a.m.4 views

Malicious Package

Overview recaptcha-cors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
EUVD
EUVD
added 2026/01/21 3:59 a.m.5 views

EUVD-2026-3765

Malicious code in recaptcha-cors npm...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/21 3:59 a.m.8 views

Malicious code in recaptcha-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79037ac310e3ba605ade8d6657ea9fd4d8261583079397795e7afccbf432a4fd The package recaptcha-cors was found to contain malicious code. Source: ghsa-malware 4936a94d5d7ed5509cecba8ba4b13b5d37ff1f114318c83e868dc6e5627818be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/21 3:59 a.m.4 views

MAL-2026-397 Malicious code in recaptcha-cors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79037ac310e3ba605ade8d6657ea9fd4d8261583079397795e7afccbf432a4fd The package recaptcha-cors was found to contain malicious code. Source: ghsa-malware 4936a94d5d7ed5509cecba8ba4b13b5d37ff1f114318c83e868dc6e5627818be...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:28 p.m.8 views

CVE-2018-21012

The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS...

6.1CVSS7.1AI score0.00916EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.29 views

CVE-2025-1262

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification...

5.3CVSS6.8AI score0.00318EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Advanced Google reCAPTCHA plugin <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter vulnerability

Authenticated Subscriber+ Limited SQL Injection via 'sSearch' Parameter vulnerability discovered by Muhamad Visat in WordPress Plugin Advanced Google reCAPTCHA versions = 1.29...

5.3CVSS5.9AI score0.00389EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/23 7:10 p.m.4 views

EUVD-2025-204863

Malicious code in @googlerecaptcha/js npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/23 7:10 p.m.7 views

Malicious code in @google_recaptcha/js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd0346120a6f0d866aebe59ca9ae06c02e28849fc3840a412edcc81a2ab54ded The package @googlerecaptcha/js was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
Rows per page
Query Builder