Lucene search
+L

47 matches found

nuclei
nuclei
added 9 hours ago111 views

WordPress Redux Framework <=4.2.11 - Information Disclosure

WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 has...

5.3CVSS6.2AI score0.28961EPSS
Exploits6References5
nvd
nvd
added 12 hours ago5 views

CVE-2026-12525

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

8.8CVSS
Exploits0References1
cvelist
cvelist
added 13 hours ago9 views

CVE-2026-12525 Redux Framework < 4.5.13 - Subscriber+ Privilege Escalation to Administrator

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

Exploits0References1
cve
cve
added 13 hours ago8 views

CVE-2026-12525

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

8.8CVSS6.1AI score
Exploits0References1
euvd
euvd
added 13 hours ago5 views

EUVD-2026-44875

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

8.8CVSS6.1AI score
Exploits0References1
cve
cve
added 2026/03/21 3:27 a.m.8 views

CVE-2026-3478

CVE-2026-3478 affects the Content Syndication Toolkit plugin for WordPress (versions

7.2CVSS5.9AI score0.00272EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/12/14 5:3 a.m.5 views

CVE-2025-9488

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS5AI score0.0029EPSS
Exploits0References1
euvd
euvd
added 2025/12/13 6:30 p.m.4 views

EUVD-2025-203202

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS4.7AI score0.0029EPSS
Exploits0References5
nvd
nvd
added 2025/12/13 4:16 p.m.5 views

CVE-2025-9488

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS0.0029EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/13 4:31 a.m.2 views

CVE-2025-9488 Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS4.7AI score0.0029EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/13 4:31 a.m.34 views

CVE-2025-9488 Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS0.0029EPSS
Exploits0References4
cve
cve
added 2025/12/13 4:31 a.m.17 views

CVE-2025-9488

CVE-2025-9488 affects the Redux Framework WordPress plugin (≤4.5.8). It enables Stored Cross‑Site Scripting via the data parameter by authenticated users with Contributor+; scripts execute on the affected pages when loaded. Wordfence reports this CVE as patched (patch status: Patched); no exploit...

6.4CVSS4.7AI score0.0029EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/12/13 12:0 a.m.7 views

PT-2025-51085

The Redux Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 4.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS5AI score0.0029EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/12/13 12:0 a.m.4 views

WordPress plugin Redux Framework 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.0029EPSS
Exploits0References5
patchstack
patchstack
added 2025/12/12 11:55 p.m.9 views

WordPress Redux Framework plugin <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Redux Framework versions = 4.5.8...

6.4CVSS5.7AI score0.0029EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-24765

Malware in sbrugna...

7.1CVSS6.4AI score0.01341EPSS
Exploits2References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47842

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.01028EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/02/05 2:49 a.m.19 views

CVE-2024-6828

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can ...

7.2CVSS6.5AI score0.01028EPSS
Exploits0References1
nvd
nvd
added 2024/07/23 2:15 a.m.38 views

CVE-2024-6828

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the ReduxColorSchemeImport function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can ...

7.2CVSS0.01028EPSS
Exploits0References7
cve
cve
added 2024/07/23 2:1 a.m.120 views

CVE-2024-6828

CVE-2024-6828 (Redux Framework, WordPress): The Redux Framework plugin versions 4.4.12–4.4.17 are vulnerable to unauthenticated JSON file uploads due to missing authorization/capability checks in the Redux_Color_Scheme_Import function, enabling stored XSS and, in rare cases when wp_filesystem fai...

7.2CVSS6.9AI score0.01028EPSS
Exploits0References7
Rows per page
Query Builder