Lucene search
K

25 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-12517

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-12517

CVE-2026-12517 : The Fediverse Embeds WordPress plugin is vulnerable to a Server-Side Request Forgery (SSRF) because the destination of a server-side request from the unauthenticated site-info endpoint is not validated. This allows anonymous users to trigger requests to internal/private network U...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42513

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-12517 Fediverse Embeds < 1.5.8 - Unauthenticated SSRF via Site Info Endpoint

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:15 p.m.10 views

EUVD-2026-36270

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS5.4AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 5:15 p.m.3 views

CVE-2026-46698 Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.25 views

PT-2026-48698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp ajax nopriv ftf get site info includes/Site Info.php that verified a nonce ftf-fediverse-embeds-nonce and then called file get html$site url on the...

5.3CVSS5.3AI score0.00229EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26911

Malicious code in bioql PyPI...

2.7CVSS6.5AI score0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-43721

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.02056EPSS
Exploits1References1
NVD
NVD
added 2025/09/05 2:16 p.m.14 views

CVE-2025-58866

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through = 1.1...

2.7CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/05 1:45 p.m.4 views

CVE-2025-58866 WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through = 1.1...

2.7CVSS5.9AI score0.00224EPSS
Exploits0References1
CVE
CVE
added 2025/09/05 1:45 p.m.17 views

CVE-2025-58866

CVE-2025-58866 affects WordPress Site Info (Site Info Dashboard Widget)

2.7CVSS5.9AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/05 1:45 p.m.14 views

CVE-2025-58866 WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through = 1.1...

2.7CVSS0.00224EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/05 1:41 p.m.8 views

WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Sensitive Data Exposure Vulnerability discovered by Bao BlueRock in WordPress Plugin Site Info versions = 1.1...

2.7CVSS6.7AI score0.00224EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.7 views

PT-2025-36205

Name of the Vulnerable Software and Affected Versions: Rami Yushuvaev Site Info versions n/a through 1.1 Description: A vulnerability exists in Rami Yushuvaev Site Info that allows the retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized contr...

2.7CVSS6AI score0.00224EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.9 views

WordPress plugin Site Info security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

2.7CVSS5.8AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2024/04/01 4:15 p.m.4 views

CVE-2024-30867

netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/editvirtualsiteinfo.php...

9.8CVSS5.8AI score0.00696EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/01 12:0 a.m.2 views

PT-2024-23645 · Netentsec · Netentsec Ns-Asg

Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection, which can be exploited via the /admin/edit virtual site info.php API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to...

9.8CVSS6.9AI score0.00696EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/04/01 12:0 a.m.8 views

NetentSec NS-ASG 安全漏洞

NetentSec NS-ASG is an application security gateway from China NetentSec. A security vulnerability exists in NetentSec NS-ASG version 6.3, which originates from an SQL injection vulnerability in the /admin/editvirtualsiteinfo.php file...

9.8CVSS7.9AI score0.00696EPSS
Exploits1References2
0day.today
0day.today
added 2020/03/30 12:0 a.m.199 views

Odin Secure FTP Expert 7.6.3 - (Site Info) Denial of Service Exploit

Exploit Title: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service PoC Discovery by: Ivan Marmolejo Vendor Homepage: https://odin-secure-ftp-expert.jaleco.com/ Software Link Download : http://tr.oldversion.com/windows/odin-secure-ftp-expert-7-6-3 Version : Odin Secure FTP Expert 7.6.3...

7.4AI score
Exploits0
Rows per page
Query Builder