Lucene search
K

50 matches found

Patchstack
Patchstack
added 2025/03/27 11:16 a.m.5 views

WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin SecuPress Free versions = 2.2.5.3...

6.5CVSS6.1AI score0.00279EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/03/27 11:15 a.m.20 views

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

6.5CVSS0.00279EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/27 11:15 a.m.4 views

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

6.5CVSS7.2AI score0.00279EPSS
Exploits0References3
OSV
OSV
added 2025/03/27 11:15 a.m.3 views

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a through 2.2.5.3...

5.4CVSS7.3AI score0.00279EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 10:55 a.m.60 views

CVE-2025-30907

CVE-2025-30907 (SecuPress Free) is a DOM-based XSS vector in SecuPress Free for WordPress. Public details from connected sources confirm: vulnerable component is SecuPress Free (≤ 2.2.5.3) and the issue is an improper neutralization of input during web page generation leading to Cross‑Site Script...

6.5CVSS7.2AI score0.00279EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/27 10:55 a.m.6 views

CVE-2025-30907 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

6.5CVSS7.3AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 10:55 a.m.24 views

CVE-2025-30907 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SecuPress SecuPress Free secupress allows DOM-Based XSS.This issue affects SecuPress Free: from n/a through = 2.2.5.3...

6.5CVSS0.00279EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.5 views

WordPress plugin SecuPress Free 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS8AI score0.00279EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/11 8:22 p.m.5 views

WordPress SecuPress Free plugin <= 2.2.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin SecuPress Free versions = 2.2.5.3...

7AI score0.00243EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/02/28 9:15 a.m.4 views

CVE-2024-9019

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupresscheckbanipsform shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4CVSS7.4AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/28 8:23 a.m.19 views

CVE-2024-9019 SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupresscheckbanipsform shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/28 8:23 a.m.10 views

CVE-2024-9019 SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupresscheckbanipsform shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 8:23 a.m.100 views

CVE-2024-9019

CVE-2024-9019 concerns the SecuPress Free — WordPress Security plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the secupress_check_ban_ips_form shortcode, caused by insufficient input sanitization and output escaping. Affected versions are all up to and including 2.2.5.3....

6.4CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.14 views

PT-2025-9075 · WordPress · Secupress Free

Name of the Vulnerable Software and Affected Versions: SecuPress Free — WordPress Security plugin versions up to, and including, 2.2.5.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

6.4CVSS7.7AI score0.00197EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/02/28 12:0 a.m.6 views

WordPress plugin SecuPress Free 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS7.5AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2024/04/02 6:15 a.m.6 views

CVE-2024-1504

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...

4.3CVSS5.8AI score0.00261EPSS
Exploits0References3
NVD
NVD
added 2024/04/02 6:15 a.m.11 views

CVE-2024-1504

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...

4.3CVSS4.3AI score0.00261EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/02 5:32 a.m.15 views

CVE-2024-1504 SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...

4.3CVSS4.6AI score0.00261EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/02 5:32 a.m.12 views

CVE-2024-1504 SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address

The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...

4.3CVSS7.2AI score0.00261EPSS
Exploits0References3
CVE
CVE
added 2024/04/02 5:32 a.m.62 views

CVE-2024-1504

CVE-2024-1504 (Red Hat entry mirrors SecuPress Free WordPress Security plugin) is a CSRF vulnerability in SecuPress Free prior to or up to version 2.2.5.1. The root cause is missing or incorrect nonce validation in secupress_blackhole_ban_ip(), allowing unauthenticated attackers to forge a reques...

4.3CVSS8.9AI score0.00261EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder