Lucene search
K

230 matches found

NVD
NVD
added 2024/07/09 9:15 a.m.39 views

CVE-2024-5856

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cirdeleteimage AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS0.00403EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.11 views

WordPress Comment Images Reloaded Plugin <= 2.2.1 is vulnerable to Broken Access Control

Software Comment Images Reloaded Type Plugin Vulnerable versions = 2.2.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-5856 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a3534aef50ef Credits Lucio Sá Required...

4.3CVSS6.6AI score0.00403EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.4 views

PT-2024-37195 · WordPress · Comment Images Reloaded

Name of the Vulnerable Software and Affected Versions: Comment Images Reloaded plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to a missing capability check on the cir delete image AJAX action. This allows authenticated attackers with Subscriber-level...

4.3CVSS6.6AI score0.00403EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/04/17 9:43 a.m.21 views

CVE-2024-26820 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Register VF in netvscprobe if NETDEVICEREGISTER missed If hvnetvsc driver is unloaded and reloaded, the NETDEVICEREGISTER handler cannot perform VF register successfully as the register call is received before netvscpro...

6.7AI score0.00237EPSS
Exploits0References8
NVD
NVD
added 2024/04/10 4:15 p.m.22 views

CVE-2024-31249

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725...

7.5CVSS5.3AI score0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/10 3:48 p.m.9 views

CVE-2024-31249 WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725...

5.3CVSS6.9AI score0.0051EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/10 3:48 p.m.23 views

CVE-2024-31249 WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725...

5.3CVSS5.6AI score0.0051EPSS
Exploits0References1
CVE
CVE
added 2024/04/10 3:48 p.m.68 views

CVE-2024-31249

CVE-2024-31249 is a vulnerability described as an Insertion of Sensitive Information into Log File affecting the WordPress plugin Subscribe To Comments Reloaded (WPKube). Public details indicate the issue impacts the Subscribe To Comments Reloaded plugin up to version 220725 (n/a through 220725)....

7.5CVSS8.6AI score0.0051EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.8 views

PT-2024-23891 · WordPress · Wpkube Subscribe To Comments Reloaded

Name of the Vulnerable Software and Affected Versions: WPKube Subscribe To Comments Reloaded versions from n/a through 220725 Description: The issue is related to the insertion of sensitive information into log files. This can potentially expose sensitive data. Recommendations: For versions from...

7.5CVSS9AI score0.0051EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/04/05 5:49 a.m.6 views

WordPress Subscribe To Comments Reloaded plugin <= 220725 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Subscribe To Comments Reloaded versions = 220725...

7.5CVSS7AI score0.0051EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/05 12:0 a.m.11 views

WordPress Subscribe To Comments Reloaded Plugin <= 220725 is vulnerable to Sensitive Data Exposure

Software Subscribe To Comments Reloaded Type Plugin Vulnerable versions = 220725 Fixed in 240119 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-31249 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 45c0e6e3acea...

7.5CVSS6.5AI score0.0051EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/03/16 2:15 a.m.11 views

CVE-2024-27195

Cross-Site Request Forgery CSRF vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through = 1.3.5...

7.1CVSS6.8AI score0.00236EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/16 1:17 a.m.9 views

CVE-2024-27195 WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through = 1.3.5...

7.1CVSS7.2AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2024/03/16 1:17 a.m.66 views

CVE-2024-27195

CVE-2024-27195 is a CSRF to Stored XSS vulnerability in Watermark RELOADED for WordPress, affecting Watermark RELOADED versions up to 1.3.5. The available connected sources confirm the issue and affected version range, with a CVSS v3.1 base score of 7.1 (HIGH). There is no published patch or miti...

7.1CVSS7.2AI score0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/16 1:17 a.m.19 views

CVE-2024-27195 WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.This issue affects Watermark RELOADED: from n/a through = 1.3.5...

7.1CVSS7AI score0.00236EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.5 views

PT-2024-21731 · Unknown · Watermark Reloaded

Name of the Vulnerable Software and Affected Versions: Watermark RELOADED versions 1.3.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

7.1CVSS9.4AI score0.00236EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/02/28 12:0 a.m.14 views

Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage

Description The Watermark RELOADED plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the 'optionsPage' function. This makes it possible for unauthenticated attackers to update plugin...

7.1CVSS6.2AI score0.00236EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/02/26 12:0 a.m.9 views

WordPress Watermark RELOADED Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Watermark RELOADED Type Plugin Vulnerable versions = 1.3.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-27195 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f6d96ac7d165 Credits Dimas Maulana...

7.1CVSS6.6AI score0.00236EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.10 views

WordPress Plugin Limit Login Attempts Reloaded Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.4CVSS5.8AI score0.0043EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/12/21 12:0 a.m.10 views

WordPress Limit Login Attempts Reloaded Plugin <= 2.25.26 is vulnerable to Cross Site Scripting (XSS)

Software Limit Login Attempts Reloaded Type Plugin Vulnerable versions = 2.25.26 Fixed in 2.25.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6934 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2de2d139dd65 Credits Hung...

6.4CVSS5.8AI score0.0043EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder