Lucene search
K

17 matches found

Patchstack
Patchstack
added 2025/12/15 1:30 p.m.5 views

WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sitewide Notice WP versions = 2.4.1...

5.3CVSS7AI score0.00277EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 2:23 p.m.2 views

CVE-2025-67575

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...

5.3CVSS7AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.2 views

EUVD-2025-201948

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...

5.3CVSS6.5AI score0.00277EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.5 views

CVE-2025-67575

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...

5.3CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 p.m.9 views

CVE-2025-67575

CVE-2025-67575 affects the WordPress plugin Sitewide Notice WP. The vulnerability is described as Missing Authorization, allowing unauthorized access to the plugin’s functionality. The initial details indicate the affected release range is Sitewide Notice WP: from n/a through &lt;= 2.4.1, with a ...

5.3CVSS6.6AI score0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:14 p.m.22 views

CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...

5.3CVSS0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:14 p.m.3 views

CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...

6.6AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.1 views

WordPress plugin Sitewide Notice WP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Sitewide Notice A...

5.3CVSS5.8AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.2 views

PT-2025-49949

Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...

5.3CVSS7AI score0.00277EPSS
Exploits0References3
OSV
OSV
added 2021/08/30 3:15 p.m.2 views

CVE-2021-24592

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2021/08/30 3:15 p.m.9 views

CVE-2021-24592

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00617EPSS
Exploits2References1
Prion
Prion
added 2021/08/30 3:15 p.m.14 views

Cross site scripting

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00617EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/08/30 2:11 p.m.21 views

CVE-2021-24592 Sitewide Notice WP < 2.3 - Authenticated Stored XSS

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00617EPSS
Exploits2References1
CVE
CVE
added 2021/08/30 2:11 p.m.48 views

CVE-2021-24592

CVE-2021-24592 affects the WordPress Sitewide Notice WP plugin prior to version 2.3. The issue arises because the plugin does not sufficiently sanitize certain settings before rendering them on frontend pages, enabling Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html i...

4.8CVSS4.8AI score0.00617EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.2 views

WordPress 插件跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. WordPress plugin Sitewide Notice before version 2.3 has a cross-site scripting vulnerability, the vulnerability stems from the plugin in its content output to the front-end page before the plugin does not validate and escape som...

4.8CVSS4.9AI score0.00617EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/08/02 12:0 a.m.18 views

Sitewide Notice WP < 2.3 - Authenticated Stored XSS

The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Message setting of the plugin: The XSS will ...

4.8CVSS1.4AI score0.00617EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/08/02 12:0 a.m.18 views

WordPress Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Sitewide Notice WP versions = 2.2. Solution Update the WordPress Sitewide Notice WP to the latest available version at least 2.3...

4.8CVSS2.1AI score0.00617EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder