Lucene search
+L

11 matches found

nvd
nvd
added 2026/06/15 9:16 p.m.13 views

CVE-2026-42411

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

8.1CVSS0.00405EPSS
Exploits0References1
patchstack
patchstack
added 2026/05/28 8:57 a.m.12 views

WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by 0xzenko in WordPress Plugin CloudSecure WP Security versions = 1.4.7...

8.1CVSS5.8AI score0.00405EPSS
Exploits0Affected Software1
cve
cve
added 2026/03/05 12:26 p.m.56 views

CVE-2026-2599

CVE-2026-2599 : The WordPress plugin cluster “Database for Contact Form 7, WPforms, Elementor forms” is affected by an unauthenticated PHP Object Injection via deserialization in the download_csv function (vulnerable through 1.4.7). The vulnerability alone has no impact unless a PHP Object Payloa...

9.8CVSS6.2AI score0.00519EPSS
Exploits0References4
patchstack
patchstack
added 2026/03/02 11:41 a.m.7 views

WordPress VW Pet Shop theme <= 1.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Pet Shop versions = 1.4.7...

5.3CVSS5.8AI score0.00233EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2025/12/31 3:28 p.m.9 views

WordPress AI Copilot plugin <= 1.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin AI Copilot versions = 1.5.0...

5.3CVSS5.2AI score0.0018EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/12/14 4:6 a.m.10 views

CVE-2025-13089

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.5CVSS6.8AI score0.00317EPSS
Exploits0References1
osv
osv
added 2025/11/13 10:15 a.m.7 views

CVE-2025-64271

Cross-Site Request Forgery CSRF vulnerability in HasThemes WP Plugin Manager wp-plugin-manager allows Cross Site Request Forgery.This issue affects WP Plugin Manager: from n/a through = 1.4.7...

6.5CVSS5.8AI score0.00105EPSS
Exploits0References1
cve
cve
added 2025/11/13 9:24 a.m.13 views

CVE-2025-64271

CVE-2025-64271 describes a Cross-Site Request Forgery (CSRF) vulnerability in HasThemes WP Plugin Manager (wp-plugin-manager) affecting version range up to and including 1.4.7. The issue arises from insufficient validation of requests from trusted users, enabling authenticated actions to be spoof...

6.5CVSS6.5AI score0.00105EPSS
Exploits0References1Affected Software1
cve
cve
added 2025/05/07 7:38 a.m.54 views

CVE-2025-0667

The CVE-2025-0667 issue is a Stored XSS in BOINC Server caused by improper neutralization of input during web page generation. Affected are BOINC Server releases up to and including 1.4.7; the vulnerability stems from the pm.php path and can enable stored XSS without user interaction beyond visit...

8.7CVSS6.4AI score0.00211EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2025/05/07 12:0 a.m.4 views

BOINC Server 安全漏洞

BOINC Server is an open source distributed computing platform server from the US-based BOINC organization for creating and managing volunteer computing projects. A security vulnerability exists in BOINC Server version 1.4.7 and earlier, which stems from improper input neutralization during web pa...

7CVSS5.8AI score0.00211EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 12:54 p.m.15 views

CVE-2024-43327

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7...

7.1CVSS6.8AI score0.0029EPSS
Exploits0
Rows per page
Query Builder