CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

51 matches found

Positive Technologies•added 2025/01/18 12:0 a.m.•2 views

PT-2025-2140 · WordPress · Adifier System

Name of the Vulnerable Software and Affected Versions: Adifier System plugin for WordPress versions up to, and including, 3.1.7 Description: The issue arises from the plugin's failure to properly validate a user's identity before updating their details, such as passwords, through the adifier...

9.8CVSS9.8AI score0.13776EPSS

Exploits0References10

Patchstack•added 2025/01/17 9:8 p.m.•2 views

WordPress Adifier System plugin <= 3.1.7 - Unauthenticated Arbitrary Password Reset vulnerability

Unauthenticated Arbitrary Password Reset vulnerability discovered by Tonn in WordPress Plugin Adifier System versions = 3.1.7...

9.8CVSS7AI score0.13776EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/12/16 12:0 a.m.•2 views

WordPress plugin 畅言评论系统安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.3CVSS8.1AI score0.00168EPSS

Exploits0References1

Patchstack•added 2024/12/12 9:30 a.m.•3 views

WordPress Banner System plugin <= 1.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ghsinfosec Patchstack Alliance in WordPress Plugin Banner System versions = 1.0.0...

8.2CVSS7AI score0.00172EPSS

Exploits0Affected Software1

Cvelist•added 2024/12/06 8:24 a.m.•10 views

CVE-2024-12003 WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generatewpsystempagecontent function. This makes it possible for unauthenticated attackers to inject malicious we...

6.1CVSS0.00481EPSS

Exploits0References2

Vulnrichment•added 2024/12/06 8:24 a.m.•5 views

CVE-2024-12003 WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1CVSS6.4AI score0.00481EPSS

Exploits0References2

CVE•added 2024/12/06 8:24 a.m.•46 views

CVE-2024-12003

The CVE-2024-12003 entry concerns the WP System WordPress plugin (versions up to 1.1.1). The advisory states a Cross-Site Request Forgery (CSRF) vulnerability due to missing or incorrect nonce validation in generate_wp_system_page_content(), enabling unauthenticated attackers to inject malicious ...

6.1CVSS5.9AI score0.00481EPSS

Exploits0References2

Patchstack•added 2024/12/05 10:28 p.m.•1 views

WordPress WP System plugin <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin WP System versions = 1.1.1...

6.1CVSS5.9AI score0.00481EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/11/20 12:0 p.m.•24 views

CVE-2024-52437 WordPress Banner System plugin <= 1.0.0 - Privilege Escalation vulnerability

Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.This issue affects Banner System: from n/a through = 1.0.0...

8.8CVSS0.00187EPSS

Exploits0References1

CNNVD•added 2024/11/09 12:0 a.m.•2 views

WordPress plugin WooCommerce Support Ticket System 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

8.8CVSS8.4AI score0.24483EPSS

Exploits0References2

CNNVD•added 2024/10/29 12:0 a.m.•3 views

WordPress plugin WP Booking System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

6.5CVSS6.3AI score0.00508EPSS

Exploits0References1

Patchstack•added 2024/10/24 12:0 a.m.•17 views

WordPress WP Booking System Plugin <= 2.0.19.10 is vulnerable to Broken Access Control

Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.10 Fixed in 2.0.19.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-50425 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID ad36b04a505d Credits Trương Hữu Phúc...

6.5CVSS6.5AI score0.00508EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/12/15 3:2 p.m.•16 views

CVE-2023-49187 WordPress Adifier System Plugin < 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4...

7.1CVSS7.2AI score0.00193EPSS

Exploits0References1

CVE•added 2023/04/06 1:59 p.m.•42 views

CVE-2023-25062

CVE-2023-25062 is a stored XSS vulnerability in Pinpoint Booking System for WordPress (plugin versions

5.9CVSS5.1AI score0.01483EPSS

Exploits0References1Affected Software1

NVD•added 2023/03/29 1:15 p.m.•12 views

CVE-2022-47438

Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin = 3.2.3 versions...

5.9CVSS5.4AI score0.00177EPSS

Exploits0References1

CVE•added 2022/09/06 10:19 p.m.•69 views

CVE-2022-37344

The CVE-2022-37344 entry affects the WordPress plugin PHP Crafts Accommodation System (version

9.8CVSS8.8AI score0.00743EPSS

Exploits0References2Affected Software1

OSV•added 2022/09/06 6:15 p.m.•1 views

CVE-2022-34656

Authenticated admin+ Cross-Site Scripting XSS vulnerability in wpdevart Poll, Survey, Questionnaire and Voting system plugin = 1.7.4 at WordPress...

4.8CVSS5.8AI score0.00322EPSS

Exploits0References2

Positive Technologies•added 2022/09/06 12:0 a.m.•3 views

PT-2022-23937 · Unknown · Php Crafts Accommodation System

Name of the Vulnerable Software and Affected Versions: PHP Crafts Accommodation System plugin version 1.0.1 and earlier Description: The issue is related to a Missing Access Control vulnerability. Recommendations: For PHP Crafts Accommodation System plugin version 1.0.1 and earlier, update to a...

9.8CVSS9.2AI score0.00743EPSS

Exploits0References4

CNVD•added 2019/10/17 12:0 a.m.•1 views

WordPress booking-system plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. booking-system is an online booking system plugin used in it. A SQL injection vulnerability exists in the WordPress booking-system...

8.8CVSS8AI score0.0066EPSS

Exploits1References1

Cvelist•added 2019/10/10 3:52 p.m.•16 views

CVE-2015-9460

The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter...

9.3AI score0.0066EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by