Lucene search
+L

80 matches found

OSV
OSV
added 2024/03/06 11:11 a.m.18 views

BIT-WORDPRESS-2020-28038

WordPress before 5.5.2 allows stored XSS via post slugs...

6.1CVSS7.2AI score0.02611EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 11:11 a.m.15 views

BIT-WORDPRESS-MULTISITE-2020-28038

WordPress before 5.5.2 allows stored XSS via post slugs...

6.1CVSS7.2AI score0.02611EPSS
Exploits0References8
OSV
OSV
added 2024/02/29 1:43 a.m.4 views

CVE-2024-0620

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...

5.3CVSS7.3AI score0.00486EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.11 views

PT-2024-15692 · WordPress · The Passster

Name of the Vulnerable Software and Affected Versions: The Passster – Password Protect Pages and Content plugin for WordPress versions up to, and including, 4.2.6.2 Description: The issue allows unauthenticated attackers to obtain sensitive information, including post titles, slugs, IDs, content,...

5.3CVSS6.3AI score0.00486EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/01/10 12:0 a.m.3 views

WordPress Seraphinite Alternative Slugs Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Seraphinite Alternative Slugs Manager Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 55144db568c7 Credits WordFence...

7AI score
Exploits0References2Affected Software1
NVD
NVD
added 2023/11/22 4:15 p.m.32 views

CVE-2023-4686

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3CVSS0.00524EPSS
Exploits0References3
Prion
Prion
added 2023/11/22 4:15 p.m.25 views

Information disclosure

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4CVSS6.7AI score0.00524EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/22 3:33 p.m.15 views

CVE-2023-4686 WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3CVSS6.6AI score0.00524EPSS
Exploits0References3
OSV
OSV
added 2023/11/16 7:15 p.m.3 views

CVE-2023-47511

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SO WP Pinyin Slugs plugin = 2.3.0 versions...

4.8CVSS7.3AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2023/11/16 7:15 p.m.20 views

CVE-2023-47511

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SO WP Pinyin Slugs plugin = 2.3.0 versions...

5.9CVSS0.00394EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/16 6:16 p.m.36 views

CVE-2023-47511 WordPress Pinyin Slugs Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SO WP Pinyin Slugs plugin = 2.3.0 versions...

5.9CVSS5.5AI score0.00394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/16 6:16 p.m.9 views

CVE-2023-47511 WordPress Pinyin Slugs Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SO WP Pinyin Slugs plugin = 2.3.0 versions...

5.9CVSS5.8AI score0.00394EPSS
Exploits0References1
CVE
CVE
added 2023/11/16 6:16 p.m.71 views

CVE-2023-47511

CVE-2023-47511 affects the WordPress plugin SO WP Pinyin Slugs, vulnerable to an authenticated Stored XSS in versions &lt;= 2.3.0. The issue requires admin-level privileges (admin+) and, per Patchstack, was fixed in version 2.3.1. Public sources (NVD and patch info) describe the CVSS vector as in...

5.9CVSS5.1AI score0.00394EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/16 12:0 a.m.4 views

PT-2023-30474 · WordPress · So Wp Pinyin Slugs

Name of the Vulnerable Software and Affected Versions: SO WP Pinyin Slugs plugin versions prior to 2.3.0 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For SO WP Pinyin Slugs plugin version...

5.9CVSS5.3AI score0.00394EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.3 views

WordPress Plugin Pinyin Slugs Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.9CVSS6.6AI score0.00394EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/11/07 12:0 a.m.8 views

WordPress Pinyin Slugs Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Pinyin Slugs Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-47511 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1f3f38b0df7f Credits yuyudhn Required privilege...

5.9CVSS5.8AI score0.00394EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/19 2:15 a.m.6 views

CVE-2023-4645

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the aiajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...

5.3CVSS6.5AI score0.00642EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/19 1:53 a.m.27 views

CVE-2023-4645 Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the aiajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...

5.3CVSS5.6AI score0.00642EPSS
Exploits0References3
OSV
OSV
added 2023/07/10 4:15 p.m.3 views

CVE-2023-2495

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...

4.3CVSS7.3AI score0.00267EPSS
Exploits2References1
NVD
NVD
added 2023/07/10 4:15 p.m.26 views

CVE-2023-2495

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...

4.3CVSS4.7AI score0.00267EPSS
Exploits2References1
Rows per page
Query Builder