Lucene search
K

80 matches found

Cvelist
Cvelist
added 2025/02/28 8:23 a.m.39 views

CVE-2024-9193 WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS0.03111EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/22 8:22 p.m.19 views

CVE-2025-27098

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

7.5CVSS6.8AI score0.00336EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/20 8:13 p.m.42 views

CVE-2025-27098 Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler in graphql-mesh

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

5.8CVSS0.00336EPSS
Exploits1References1
CVE
CVE
added 2025/02/20 8:13 p.m.100 views

CVE-2025-27098

GraphQL Mesh exposes a path traversal vulnerability in its staticFiles handler. When serve.staticFiles is configured, the code path does not reliably constrain absolutePath to the staticFiles directory, allowing access to files outside the intended directory. Affects GraphQL Mesh and related CLI/...

7.5CVSS5.7AI score0.00336EPSS
Exploits1References1Affected Software2
NVD
NVD
added 2025/02/12 10:15 a.m.28 views

CVE-2024-12296

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'importpageoptions' function in all versions up to, and including, 2.4. This makes it possible for authenticated attackers, wit...

8.8CVSS0.005EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 1:28 a.m.5 views

CVE-2024-11725

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings function in all versions up to, and including, 3.7.6. This makes it...

8.8CVSS7.1AI score0.00503EPSS
Exploits0References1
OSV
OSV
added 2025/01/30 2:15 p.m.4 views

CVE-2024-10591

The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoosaveupdates function in all version...

8.8CVSS7.4AI score0.00448EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/27 10:5 p.m.4 views

WordPress Youzify plugin <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Stiofan in WordPress Plugin Youzify versions = 1.3.4...

4.3CVSS7AI score0.00331EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/25 7:24 a.m.19 views

CVE-2024-13370 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license)

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the saveaddonkeylicense function in all versions up to, and including, 1.3.3. This makes it possible fo...

6.5CVSS0.00386EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/11/26 12:26 a.m.5 views

WordPress Leopard plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin Leopard - WordPress offload media versions = 3.1.1...

9.8CVSS7AI score0.00473EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.4 views

WordPress plugin Booking & Appointment Plugin for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS8.1AI score0.00516EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.5 views

WordPress plugin Facebook Chat 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...

7.4CVSS6.6AI score0.00339EPSS
Exploits0References2
OSV
OSV
added 2024/07/17 7:15 a.m.14 views

CVE-2024-6660

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpressimportdatacontinueprocessfunc function in all...

8.8CVSS5.7AI score0.00621EPSS
Exploits0References5
wpexploit
wpexploit
added 2024/03/25 12:0 a.m.250 views

Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "Settings Ultimate Noindex" 2...

5.7AI score0.00266EPSS
Exploits2
Prion
Prion
added 2024/01/11 9:15 a.m.33 views

Design/Logic Flaw

The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycachesavevarniship, speedycacheimgupdatesettings, speedycachepreloadingaddsettings, and speedycachepreloadingdeleteresource functions in all versions up to, and...

4CVSS6.7AI score0.00358EPSS
Exploits0References2Affected Software1
Kaspersky
Kaspersky
added 2023/12/12 12:0 a.m.32 views

KLA62391 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Outlook can be exploited remotely ...

6.5CVSS7AI score0.17559EPSS
Exploits1References8
WPVulnDB
WPVulnDB
added 2023/10/30 12:0 a.m.6 views

Deeper Comments <= 2.1.1 - Subscriber+ Arbitrary Options Update

Description The plugin does not have authorisation in its updateoptions AJAX action, allowing any authenticated users, such as subscribers to update arbitrary blog options like defaultrole etc...

7AI score
Exploits0References2
OSV
OSV
added 2023/10/20 8:15 a.m.6 views

CVE-2021-4334

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpdupdateoptions function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissio...

8.8CVSS5.6AI score0.00673EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/10 12:0 p.m.19 views

CVE-2015-10120 WDS Multisite Aggregate Plugin WDS_Multisite_Aggregate_Options.php update_options cross site scripting

A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function updateoptions of the file includes/WDSMultisiteAggregateOptions.php. The manipulation leads to cross site scripting. It is possible to launch the...

4CVSS6.1AI score0.00546EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.4 views

PT-2023-10298 · WordPress · Wds Multisite Aggregate Plugin

Name of the Vulnerable Software and Affected Versions: WDS Multisite Aggregate Plugin versions up to 1.0.0 Description: A problematic issue was found in the WDS Multisite Aggregate Plugin, affecting the update options function of the file includes/WDS Multisite Aggregate Options.php. This issue...

6.1CVSS4.2AI score0.00546EPSS
Exploits0References4
Rows per page
Query Builder