
8997 matches found

Positive Technologies
added 2024/12/29 12:00 a.m. · 4 views

PT-2024-17504 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.22 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an acti...

CVSS 6.3 · AI score 9.6 · EPSS 0.0047
Exploits: 0 · References: 8

Patchstack
added 2024/12/27 6:42 a.m. · 4 views

WordPress WP-SVG plugin <= 0.9 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin WP-SVG versions <= 0.9...

CVSS 5.9 · AI score 6 · EPSS 0.00333
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2024/12/27 6:15 a.m. · 11 views

CVE-2024-11644

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.9 · EPSS 0.00333
Exploits: 1 · References: 1

OSV
added 2024/12/27 6:15 a.m. · 3 views

CVE-2024-11644

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.9 · AI score 7.3
Exploits: 0 · References: 1

Vulnrichment
added 2024/12/27 6:00 a.m. · 12 views

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.5 · EPSS 0.00333
Exploits: 1 · References: 1

Cvelist
added 2024/12/27 6:00 a.m. · 18 views

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

EPSS 0.00333
Exploits: 1 · References: 1

CVE
added 2024/12/27 6:00 a.m. · 57 views

CVE-2024-11644

The CVE-2024-11644 entry concerns the WP-SVG WordPress plugin (versions

CVSS 5.9 · AI score 5.6 · EPSS 0.00333
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/12/27 12:00 a.m. · 5 views

PT-2024-17152 · WordPress · Wp-Svg

Name of the Vulnerable Software and Affected Versions: WP-SVG WordPress plugin versions 0.9 and prior Description: The issue concerns the WP-SVG WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is...

CVSS 5.9 · AI score 8.3 · EPSS 0.00333
Exploits: 1 · References: 10

OSV
added 2024/12/25 7:15 a.m. · 5 views

CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 4.3 · AI score 5.8
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/25 12:00 a.m. · 8 views

PT-2024-17549 · WordPress · Avada (Fusion) Builder

Name of the Vulnerable Software and Affected Versions: Avada Fusion Builder plugin for WordPress versions up to, and including, 3.11.12 Description: The issue allows authenticated attackers with contributor-level access and above to extract data from password protected, private, or draft posts th...

CVSS 4.3 · AI score 9.6 · EPSS 0.00359
Exploits: 0 · References: 7

CNNVD
added 2024/12/25 12:00 a.m. · 5 views

WordPress plugin Avada Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 · AI score 8.1 · EPSS 0.00359
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/24 12:00 a.m. · 5 views

PT-2024-17637 · Teplitsa · Shmapper

Name of the Vulnerable Software and Affected Versions: ShMapper by Teplitsa plugin for WordPress versions up to, and including, 1.4.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 8 · EPSS 0.0027
Exploits: 0 · References: 7

CNNVD
added 2024/12/24 12:00 a.m. · 2 views

WordPress plugin Loan Comparison cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 6.4 · AI score 7.5 · EPSS 0.00415
Exploits: 0 · References: 3

Positive Technologies
added 2024/12/24 12:00 a.m. · 4 views

PT-2024-17677 · WordPress · Wordpress Simple Shopping Cart

Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to and including 5.0.7 Description: The issue is related to stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes. This allows...

CVSS 6.4 · AI score 7.8 · EPSS 0.00352
Exploits: 0 · References: 10

Positive Technologies
added 2024/12/24 12:00 a.m. · 5 views

PT-2024-17214 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.21 Description: The issue is related to SQL Injection via the category parameter of the 'bookingpress form' shortcode. This is due to insufficient escaping on the...

CVSS 6.5 · AI score 9.7 · EPSS 0.00484
Exploits: 0 · References: 7

NVD
added 2024/12/21 6:15 a.m. · 13 views

CVE-2024-11977

The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00637
Exploits: 0 · References: 2

Cvelist
added 2024/12/21 5:31 a.m. · 25 views

CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution

The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00637
Exploits: 0 · References: 2

Vulnrichment
added 2024/12/21 5:31 a.m. · 7 views

CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution

The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · AI score 7.8 · EPSS 0.00637
Exploits: 0 · References: 2

CVE
added 2024/12/21 5:31 a.m. · 64 views

CVE-2024-11977

CVE-2024-11977 concerns the kk Star Ratings – Rate Post & Collect User Feedbacks WordPress plugin. The WordPress plugin is vulnerable to arbitrary shortcode execution in all versions up to and including 5.4.10 due to unvalidated input passed to do_shortcode, enabling unauthenticated attackers to ...

CVSS 7.3 · AI score 7.6 · EPSS 0.00637
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/21 12:00 a.m. · 4 views

PT-2024-17378 · WordPress · Kk Star Ratings

Name of the Vulnerable Software and Affected Versions: The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress versions up to, and including, 5.4.10 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action...

CVSS 7.3 · AI score 9.7 · EPSS 0.00637
Exploits: 0 · References: 8