Lucene search
K

1350 matches found

ATTACKERKB
ATTACKERKB
added 2022/11/29 9:15 p.m.3 views

CVE-2022-3991

The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS6.2AI score0.00627EPSS
Exploits1References3
OSV
OSV
added 2022/11/29 9:15 p.m.4 views

CVE-2022-3991

The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

5.4CVSS5.9AI score0.00627EPSS
Exploits1References2
NVD
NVD
added 2022/11/29 9:15 p.m.27 views

CVE-2022-3995

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00556EPSS
Exploits0References3
Prion
Prion
added 2022/11/29 9:15 p.m.18 views

Input validation

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4CVSS4.4AI score0.00556EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/29 9:15 p.m.15 views

Cross site scripting

The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

4.9CVSS5.1AI score0.00627EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/10 8:15 p.m.5 views

CVE-2022-1463

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the bookingflextimeline shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site...

8.8CVSS7.4AI score0.0171EPSS
Exploits2References1
NVD
NVD
added 2022/05/10 8:15 p.m.29 views

CVE-2022-1463

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the bookingflextimeline shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site...

8.8CVSS0.0171EPSS
Exploits2References1
Prion
Prion
added 2022/02/18 6:15 p.m.20 views

Out-of-bounds

The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin versions = 2.0.4...

4CVSS4.6AI score0.00631EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/03/13 4:15 p.m.21 views

Information disclosure

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...

6.5CVSS6.4AI score0.01091EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/03/13 3:48 p.m.30 views

CVE-2020-10195

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal...

6.5AI score0.01091EPSS
Exploits1References2
Rows per page
Query Builder