Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8990 matches found

Tenable Nessus
Tenable Nessusadded 2023/05/22 12:0 a.m.34 views

WordPress 6.0.x < 6.0.5 Shortcode Execution

According to its self-reported version number, the detected WordPress application is affected by a shortcode execution in user generated content. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

6.1CVSS7.3AI score0.79527EPSS
Exploits7References2
Packet Storm
Packet Stormadded 2023/05/22 12:0 a.m.336 views

W3 Eden Download Manager 3.2.70 Cross Site Scripting

W3 Eden recently patched an Authenticated Stored Cross-Site Scripting vulnerability in Download Manager. On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download...

7.1AI score0.00646EPSS
Exploits2
Tenable Nessus
Tenable Nessusadded 2023/05/22 12:0 a.m.32 views

WordPress 6.2.x < 6.2.2 Shortcode Execution

According to its self-reported version number, the detected WordPress application is affected by a shortcode execution in user generated content. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

6.1CVSS7.3AI score0.79527EPSS
Exploits7References2
WPVulnDB
WPVulnDBadded 2023/05/22 12:0 a.m.19 views

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: The plugin requires WPBakery Page...

5.4CVSS5.8AI score0.00444EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessusadded 2023/05/22 12:0 a.m.338 views

WordPress 6.1.x < 6.1.3 Shortcode Execution

According to its self-reported version number, the detected WordPress application is affected by a shortcode execution in user generated content. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

6.1CVSS7.3AI score0.79527EPSS
Exploits7References2
ATTACKERKB
ATTACKERKBadded 2023/05/20 3:15 a.m.2 views

CVE-2023-2735

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS7AI score0.00494EPSS
Exploits0References5
OSV
OSVadded 2023/05/20 3:15 a.m.5 views

CVE-2023-2735

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS6.9AI score0.00494EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2023/05/20 12:0 a.m.5 views

PT-2023-21078 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...

8CVSS7.9AI score0.00399EPSS
Exploits0References8
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.125 views

WordPress 5.1.x < 5.1.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.34 views

WordPress 6.1.x < 6.1.2 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.56 views

WordPress 4.2.x < 4.2.35 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.287 views

WordPress 5.6.x < 5.6.11 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.101 views

WordPress 4.8.x < 4.8.22 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.416 views

WordPress 5.8.x < 5.8.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.203 views

WordPress 5.3.x < 5.3.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.20 views

WordPress 4.1.x < 4.1.38 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.31 views

WordPress 5.0.x < 5.0.19 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.241 views

WordPress 5.2.x < 5.2.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.42 views

WordPress 6.2.x < 6.2.1 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Tenable Nessus
Tenable Nessusadded 2023/05/17 12:0 a.m.578 views

WordPress 5.5.x < 5.5.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

6.1CVSS6.5AI score0.79527EPSS
Exploits7References3
Rows per page
Query Builder