Lucene search
K

94 matches found

WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.5 views

WP Spell Check < 9.13 - Ignored Word Deletion via CSRF

The plugin does not have CSRF check in place when deleting ignored words, allowing attacker to make a logged in admin delete them via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=wp-spellcheck-ignore.php=4...

1.6AI score
Exploits0Affected Software1
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.104 views

WP Spell Check < 9.13 - Ignored Word Deletion via CSRF

The plugin does not have CSRF check in place when deleting ignored words, allowing attacker to make a logged in admin delete them via a CSRF attack Make a logged in admin open https://example.com/wp-admin/admin.php?page=wp-spellcheck-ignore.php&delete=4...

2AI score
Exploits0
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.102 views

WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting

The plugin does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Add a word to ignore via...

4.8CVSS0.7AI score0.0047EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.16 views

WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting

The plugin does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add a word to ignore via...

4.8CVSS2.9AI score0.0047EPSS
Exploits2Affected Software1
Ubuntu
Ubuntu
added 2022/06/06 3:50 p.m.387 views

USN-5460-1: Vim vulnerabilities

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. CVE-2022-0554 It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs...

8.8CVSS7.7AI score0.26583EPSS
Exploits10
Positive Technologies
Positive Technologies
added 2021/10/29 12:0 a.m.3 views

PT-2021-7387 · Vim +6 · Vim +6

Name of the Vulnerable Software and Affected Versions: Vim affected versions not specified Description: The issue is related to the spell iswordp function in the spell.c component of the Vim text editor, which lacks a check for an empty preword. This allows an attacker to access confidential data...

9.8CVSS7.4AI score0.26583EPSS
Exploits118References584
wpexploit
wpexploit
added 2021/10/25 12:0 a.m.471 views

WP Spell Check < 9.3 - Reflected Cross-Site Scripting

The plugin does not escape the page and wpsc-scan-tab parameters before outputting them back in attributes, leading Reflected Cross-Site Scripting issues alert/XSS/' / alert/XSS/' /...

Exploits0
WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.12 views

WP Spell Check < 9.3 - Reflected Cross-Site Scripting

The plugin does not escape the page and wpsc-scan-tab parameters before outputting them back in attributes, leading Reflected Cross-Site Scripting issues PoC...

1.6AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.10 views

WordPress WP Spell Check plugin <= 9.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress WP Spell Check plugin versions = 9.2. Solution Update the WordPress WP Spell Check plugin to the latest available version at least 9.3...

2AI score
Exploits0References2Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2021/06/28 12:0 a.m.56 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0938-1 Rating: important References: 1187141 1187481 Cross-References: CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552...

8.8CVSS9.5AI score0.64701EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2021/06/16 12:0 a.m.66 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0881-1 Rating: important References: 1187141 Cross-References: CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547 CVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551 CVE-2021-30552...

8.8CVSS7AI score0.64701EPSS
Exploits1References1
NVD
NVD
added 2021/06/15 10:15 p.m.14 views

CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS0.00931EPSS
Exploits0References5
OSV
OSV
added 2021/06/15 10:15 p.m.3 views

DEBIAN-CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.1AI score0.00931EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/06/15 10:15 p.m.32 views

CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.00931EPSS
Exploits0References1
OSV
OSV
added 2021/06/15 10:15 p.m.1 views

UBUNTU-CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.00931EPSS
Exploits0References2
Prion
Prion
added 2021/06/15 10:15 p.m.21 views

Design/Logic Flaw

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS8.8AI score0.00931EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2021/06/15 9:40 p.m.25 views

CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

9.1AI score0.00931EPSS
Exploits0References5
CVE
CVE
added 2021/06/15 9:40 p.m.253 views

CVE-2021-30549

CVE-2021-30549 is a use-after-free in Chromium’s Spell check component affecting Chromium-based browsers up to version 91.0.4472.101. The vulnerability can be triggered when a user installs a malicious extension, potentially enabling heap corruption and remote code execution via a crafted HTML pa...

8.8CVSS8.8AI score0.00931EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2021/06/15 9:40 p.m.58 views

CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9AI score0.00931EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/06/15 9:40 p.m.35 views

CVE-2021-30549

Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.6AI score0.00931EPSS
Exploits0
Rows per page
Query Builder