14 matches found

RedhatCVE
added 2025/10/09 6:21 a.m. · 13 views

CVE-2025-11435

A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and ma...

6.1 CVSS · 5.9 AI score · 0.00364 EPSS
Exploits: 1 · References: 1

Cvelist
added 2025/10/08 5:32 a.m. · 10 views

CVE-2025-11436 JhumanJ OpnForm answer unrestricted upload

A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as...

6.5 CVSS · 0.00348 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/10/08 5:32 a.m. · 3 views

CVE-2025-11436 JhumanJ OpnForm answer unrestricted upload

A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as...

6.5 CVSS · 6.5 AI score · 0.00348 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/09/12 11:2 p.m. · 3 views

CVE-2025-10330 cdevroe unmark searchform.php cross site scripting

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published...

5.3 CVSS · 4 AI score · 0.00385 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/09/12 10:2 p.m. · 3 views

CVE-2025-10329 cdevroe unmark Marks.php server-side request forgery

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The...

6.5 CVSS · 6.4 AI score · 0.00396 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/08/28 3:42 a.m. · 2 views

CVE-2024-9648 WP ULike Pro <= 1.9.3 - Unauthenticated Limited Arbitrary File Upload

The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WPUlikeProFileUploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2...

6.1 CVSS · 6.7 AI score · 0.00191 EPSS
Exploits: 0 · References: 2

Patchstack
added 2025/08/21 12:35 p.m. · 5 views

WordPress e-Boekhouden.nl Plugin <= 1.9.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by Skalucy in WordPress Plugin e-Boekhouden.nl versions <= 1.9.3...

7.1 CVSS · 6 AI score · 0.00219 EPSS
Exploits: 0 · Affected Software: 1

Patchstack
added 2025/07/22 6:49 a.m. · 3 views

WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability

WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Saxon - Viral Content Blog & Magazine Marketing WordPress Theme versions <= 1.9.3...

8.1 CVSS · 7 AI score · 0.00395 EPSS
Exploits: 0 · Affected Software: 1

Patchstack
added 2025/03/27 12:17 p.m. · 4 views

WordPress AEC Kiosque plugin <= 1.9.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by stealthcopter in WordPress Plugin AEC Kiosque versions <= 1.9.3...

7.1 CVSS · 6.1 AI score · 0.00295 EPSS
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2024/10/20 12:0 a.m. · 4 views

PT-2024-33569 · Dan Alexander · Sermonaudio Widgets

Name of the Vulnerable Software and Affected Versions: Dan Alexander SermonAudio Widgets versions n/a through 1.9.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection,...

8.8 CVSS · 8.5 AI score · 0.00432 EPSS
Exploits: 0 · References: 8

Patchstack
added 2024/07/03 6:23 a.m. · 5 views

WordPress TotalSurvey plugin <= 1.9.3 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin TotalSurvey versions <= 1.9.3...

7 AI score
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/26 10:20 a.m. · 6 views

WordPress Arconix FAQ plugin <= 1.9.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Arconix FAQ versions <= 1.9.3...

4.3 CVSS · 7 AI score · 0.00346 EPSS
Exploits: 0 · Affected Software: 1

Patchstack
added 2024/04/11 9:17 a.m. · 6 views

WordPress Easy Logo plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Easy Logo versions <= 1.9.3...

5.9 CVSS · 6.1 AI score · 0.00319 EPSS
Exploits: 0 · Affected Software: 1

OSV
added 2023/11/12 11:15 p.m. · 4 views

CVE-2023-27431

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions...

8.8 CVSS · 7.3 AI score · 0.00312 EPSS
Exploits: 0 · References: 1