
17 matches found

Patchstack
added 2025/10/23 3:27 a.m. · 6 views

WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin FanBridge signup versions <= 0.6...

CVSS 7.1 · AI score 7 · EPSS 0.00103
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2025/07/01 8:15 p.m. · 8 views

CVE-2025-24289

A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...

CVSS 7.5 · AI score 6.5 · EPSS 0.00146
Exploits: 0 · References: 1

NVD
added 2025/06/29 8:15 p.m. · 8 views

CVE-2025-24289

A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...

CVSS 7.5 · EPSS 0.00146
Exploits: 0 · References: 1

CVE
added 2025/06/29 7:25 p.m. · 18 views

CVE-2025-24289

The CVE-2025-24289 entry concerns the UCRM Client Signup Plugin (versions 1.3.4 and earlier). The documented vulnerability is a CSRF that can lead to XSS and privilege escalation when an Administrator visits a crafted malicious page. The plugin is disabled by default. Affected component: UCRM Cli...

CVSS 7.5 · AI score 7 · EPSS 0.00146
Exploits: 0 · References: 1

Cvelist
added 2025/06/29 7:25 p.m. · 9 views

CVE-2025-24289

A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...

CVSS 7.5 · EPSS 0.00146
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/29 7:25 p.m. · 3 views

CVE-2025-24289

A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...

CVSS 7.5 · AI score 6.4 · EPSS 0.00146
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/29 12:0 a.m. · 5 views

PT-2025-27378 · Unknown · Ucrm Client Signup Plugin

Name of the Vulnerable Software and Affected Versions: UCRM Client Signup Plugin versions 1.3.4 and earlier
Description: A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) issue could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious...

CVSS 7.5 · AI score 6.8 · EPSS 0.00146
Exploits: 0 · References: 5

CNNVD
added 2025/06/29 12:0 a.m. · 2 views

Ubiquiti UCRM Client Signup Plugin security vulnerability

Ubiquiti UCRM Client Signup Plugin is a plugin from Ubiquiti USA, Inc. that is used to implement customer signup functionality and integration with the UCRM system. A security vulnerability exists in Ubiquiti UCRM Client Signup Plugin version 1.3.4 and prior versions, which stems from...

CVSS 7.5 · AI score 7.5 · EPSS 0.00146
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 10:30 a.m. · 9 views

CVE-2024-6926

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 · AI score 7.2 · EPSS 0.03292
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 10:28 a.m. · 10 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.7 · EPSS 0.00351
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 8:22 a.m. · 3 views

CVE-2024-1386

The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 6.4 · AI score 5.2 · EPSS 0.00424
Exploits: 0 · References: 1

OSV
added 2024/09/04 6:15 a.m. · 5 views

CVE-2024-6926

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8 · AI score 5.8 · EPSS 0.03292
Exploits: 1 · References: 1

CNNVD
added 2024/09/04 12:0 a.m. · 3 views

WordPress plugin Viral Signup security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 7.6 · EPSS 0.03292
Exploits: 1 · References: 2

Positive Technologies
added 2024/09/03 12:0 a.m. · 7 views

PT-2024-37964 · WordPress · Viral Signup

Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier
Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated user...

CVSS 9.8 · AI score 7.3 · EPSS 0.03292
Exploits: 1 · References: 8

Patchstack
added 2024/08/29 12:23 p.m. · 5 views

WordPress Viral Signup plugin <= 2.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Viral Signup versions <= 2.1...

CVSS 4.8 · AI score 6.1 · EPSS 0.00351
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2024/08/29 11:15 a.m. · 6 views

CVE-2024-6927

The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 · AI score 5.8 · EPSS 0.00351
Exploits: 1 · References: 1

Positive Technologies
added 2024/08/28 12:0 a.m. · 6 views

PT-2024-37965 · WordPress · Viral Signup

Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier
Description: The issue concerns the Viral Signup WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as...

CVSS 4.8 · AI score 5.6 · EPSS 0.00351
Exploits: 1 · References: 8