Lucene search
K

140 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/03/30 12:0 a.m.73 views

JVN#42543427: WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization

WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability CWE-862. Impact Users of this product Editor, Author, Contributor may view the information on the database without the access permission. Solution Update the plugin Update the...

6.5CVSS6.4AI score0.01437EPSS
Exploits0
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress Blocked in China – Check if your site is available in the mainland plugin <= 1.0.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Blocked in China – Check if your site is available in the mainland plugin versions = 1.0.2. Solution Update the WordPress Blocked in China – Check if your site is available in the mainland plugin to the latest available versio...

2.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress Product Carousel For WooCommerce – WoorouSell plugin < 1.0.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Product Carousel For WooCommerce – WoorouSell plugin versions 1.0.9. Solution Update the WordPress Product Carousel For WooCommerce – WoorouSell plugin to the latest available version at least 1.0.9...

3.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.7 views

WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL plugin <= 3.5.9 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL plugin versions = 3.5.9. Solution Update the WordPress Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL...

2.7AI score
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/08 4:45 a.m.17 views

WordPress Plugin "Software License Manager" vulnerable to cross-site request forgery

Overview WordPress Plugin "Software License Manager" provided by Tips and Tricks HQ contains a cross-site request forgery vulnerability CWE-352. Koken Tokuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University. reported this vulnerability to...

8.8CVSS6.6AI score0.00871EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/06 5:50 a.m.2 views

WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery

Overview WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" provided by codemiq contains a cross-site request forgery vulnerability CWE-352. Konan Nagashima of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this...

8.8CVSS6.4AI score0.0087EPSS
Exploits0References6
0day.today
0day.today
added 2021/06/28 12:0 a.m.64 views

WordPress YOP Polls 6.2.7 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting XSS Exploit Author: inspired - Toby Jackson Vendor Homepage: https://yop-poll.com/ Blog Post: https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/ Software Link:...

0.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 12:0 a.m.70 views

JVN#35240327: WordPress plugin "WP Fastest Cache" vulnerable to directory traversal

WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a user with an administrative privilege. Solution Update the plugin Update the plugin according to the information provided by the...

6.5CVSS6.3AI score0.02625EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/05 7:24 a.m.5 views

WordPress Plugin "Name Directory" vulnerable to cross-site request forgery

Overview WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Yuta Asai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the developer and...

8.8CVSS6.6AI score0.0084EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/05 12:0 a.m.68 views

JVN#50470170: WordPress Plugin "Name Directory" vulnerable to cross-site request forgery

WordPress Plugin "Name Directory" provided by J. Peters contains a cross-site request forgery vulnerability CWE-352. Impact If a user with an administrative privilege views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin...

8.8CVSS8.7AI score0.0084EPSS
Exploits0
Patchstack
Patchstack
added 2020/12/21 12:0 a.m.10 views

WordPress Limit Login Attempts Reloaded plugin <= 2.17.3 - Login Rate Limiting Bypass vulnerability

Login Rate Limiting Bypass vulnerability found by n4nj0 in WordPress Limit Login Attempts Reloaded plugin versions = 2.17.3. Solution Update the WordPress Limit Login Attempts Reloaded plugin to the latest available version at least 2.17.4...

3.4AI score
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/10/21 5:50 a.m.4 views

Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"

Overview WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 SQL Injection CWE-89 - CVE-2020-5651 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the...

8.8CVSS7.7AI score0.01487EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/10/14 6:32 a.m.3 views

WordPress Plugin "Live Chat - Live support" vulnerable to cross-site request forgery

Overview WordPress Plugin "Live Chat - Live support" provided by onWebChat contains a cross-site request forgery vulnerability CWE-352. Yusuke Fukuda of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to the...

8.8CVSS6.5AI score0.00808EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/19 7:7 a.m.5 views

WordPress Plugin "Paid Memberships Pro" vulnerable to SQL injection

Overview WordPress Plugin "Paid Memberships Pro" contains an SQL injection vulnerability CWE-89. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

7.2CVSS7.5AI score0.0119EPSS
Exploits0References6
OSV
OSV
added 2020/04/14 9:15 p.m.4 views

CVE-2020-8318

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges...

7.8CVSS5.9AI score0.00405EPSS
Exploits0References1
Prion
Prion
added 2020/04/14 9:15 p.m.23 views

Privilege escalation

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges...

7.2CVSS7.8AI score0.00405EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/07 5:49 a.m.3 views

Joomla! plugin "AcyMailing" vulnerable to arbitrary file uploads

Overview Joomla! plugin "AcyMailing" allows an unauthenticated user to upload arbitrary files CWE-434. qw3rTyTy reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Arbitrary PHP code may be executed. Solution...

7.2CVSS7.2AI score0.013EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/02/18 4:42 a.m.5 views

WordPress Plugin "Easy Property Listings" vulnerable to cross-site request forgery

Overview WordPress Plugin "Easy Property Listings" provided by Merv Barrett contains a cross-site request forgery vulnerability CWE-352. Rei Nakahara of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to the...

8.8CVSS6.5AI score0.00818EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/12 12:0 a.m.79 views

JVN#26847507: Multiple vulnerabilities in "Custom Body Class"

WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

8.8CVSS7.5AI score0.00937EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/06/24 12:0 a.m.201 views

JVN#49575131: WordPress Plugin ”HTML5 Maps” vulnerable to cross-site request forgery

WordPress Plugin ”HTML5 Maps” provided by Fla-Shop.com contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Update the plugin Update the plugin according to the information provided b...

8.8CVSS8.5AI score0.01008EPSS
Exploits0
Rows per page
Query Builder