Lucene search
+L

1352 matches found

prion
prion
added 2023/11/07 11:15 a.m.17 views

Design/Logic Flaw

The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmapdeleteareaajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4CVSS6.8AI score0.00403EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/11/07 11:1 a.m.30 views

CVE-2023-5506 ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax

The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmapdeleteareaajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

5.4CVSS5.5AI score0.00403EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2023/11/07 12:0 a.m.19 views

wpDiscuz < 7.6.12 - Missing Authorization in AJAX Actions

Description The plugin is vulnerable to unauthorized use of functionality due to a missing capability check on functions corresponding to AJAX actions in versions up to, and including, 7.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view user...

6.1AI score0.004EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2023/11/03 12:0 a.m.11 views

Post Meta Data Manager < 1.2.1 - Subscriber+ Privilege Escalation

Description The plugin does not properly implement capability checks on certain functions, which results in potential unauthorized modification of data. As a result, authenticated users with subscriber-level permissions can potentially gain elevated privileges...

8.8CVSS7AI score0.00536EPSS
Exploits0References1Affected Software1
githubexploit
githubexploit
added 2023/10/31 9:26 a.m.18 views

Exploit for CVE-2023-5412

CVE-2023-5412 Image horizontal reel scroll slideshow = 13...

8.8CVSS8.3AI score0.01486EPSS
Exploits2
nvd
nvd
added 2023/10/31 9:15 a.m.16 views

CVE-2023-5438

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.7AI score0.0079EPSS
Exploits1References3
osv
osv
added 2023/10/31 9:15 a.m.4 views

CVE-2023-5433

The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...

6.5CVSS5.8AI score0.00797EPSS
Exploits1References3
osv
osv
added 2023/10/31 9:15 a.m.4 views

CVE-2023-5435

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

6.5CVSS5.8AI score0.0079EPSS
Exploits1References3
nvd
nvd
added 2023/10/31 9:15 a.m.28 views

CVE-2023-5430

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.6AI score0.00797EPSS
Exploits1References3
osv
osv
added 2023/10/31 9:15 a.m.4 views

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS5.9AI score0.00797EPSS
Exploits1References3
osv
osv
added 2023/10/31 9:15 a.m.3 views

CVE-2023-5412

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS5.8AI score0.01486EPSS
Exploits2References3
prion
prion
added 2023/10/31 9:15 a.m.21 views

Sql injection

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4CVSS7.1AI score0.0079EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2023/10/31 8:32 a.m.32 views

CVE-2023-5436 Vertical marquee plugin <= 7.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.8AI score0.00797EPSS
Exploits1References3
cvelist
cvelist
added 2023/10/31 8:32 a.m.31 views

CVE-2023-5430 Jquery news ticker <= 3.0 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.8AI score0.00797EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2023/10/31 8:32 a.m.10 views

CVE-2023-5435 Up down image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

8.8CVSS6.9AI score0.0079EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/10/31 12:0 a.m.9 views

PT-2023-32102 · WordPress · Message Ticker Plugin

Name of the Vulnerable Software and Affected Versions: Message ticker plugin for WordPress versions up to, and including, 9.2 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query, allowing authenticate...

8.8CVSS6.9AI score0.00797EPSS
Exploits1References6
nvd
nvd
added 2023/10/30 2:15 p.m.25 views

CVE-2023-5199

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute cod...

9.9CVSS9.8AI score0.01383EPSS
Exploits1References2
osv
osv
added 2023/10/30 2:15 p.m.5 views

CVE-2023-5250

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...

8.8CVSS7.8AI score0.01107EPSS
Exploits0References2
prion
prion
added 2023/10/30 2:15 p.m.21 views

Sql injection

The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS8.6AI score0.00565EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/10/30 1:48 p.m.25 views

CVE-2023-5315 Google Maps made Simple <= 0.6 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.8AI score0.00565EPSS
Exploits0References2
Rows per page
Query Builder