6 matches found

CVE
added 2025/11/03 2:26 p.m. · 19 views

CVE-2025-8900

CVE-2025-8900 : The Doccure Core WordPress plugin is vulnerable to unauthenticated privilege escalation in versions up to but not including 1.5.4. The flaw allows users registering new accounts to set their own role (via the user_type field), enabling an unauthenticated attacker to create an admi...

CVSS 9.8 · AI score 6.2 · EPSS 0.00361
Exploits: 0 · References: 2
Cvelist
added 2025/08/14 6:0 a.m. · 7 views

CVE-2025-7808 WP Shopify < 1.5.4 - Reflected XSS

The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

EPSS 0.0021
Exploits: 1 · References: 1
VulnCheck KEV
added 2024/01/22 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2015-8351

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...

CVSS 9 · AI score 7.6 · EPSS 0.37032
Exploits: 4 · References: 1
CNNVD
added 2023/09/22 12:0 a.m. · 5 views

Roundcube Webmail Cross-Site Scripting Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.4.14, versions prior to 1.5.4, and versions prior to 1.6.3, which stems from a...

CVSS 6.1 · AI score 6.6 · EPSS 0.58483
Exploits: 2 · References: 5
Positive Technologies
added 2021/11/01 12:0 a.m. · 5 views

PT-2021-16195 · WordPress · Flat Preloader

Name of the Vulnerable Software and Affected Versions: Flat Preloader WordPress plugin versions prior to 1.5.4 Description: The issue arises from the lack of nonce checks when saving settings and the failure to sanitise and escape them, which could allow attackers to make logged-in admins change...

CVSS 5.4 · AI score 5.3 · EPSS 0.00491
Exploits: 2 · References: 6
OSV
added 2020/02/19 3:15 p.m. · 1 view

DEBIAN-CVE-2012-6685

Nokogiri before 1.5.4 is vulnerable to XXE attacks...

CVSS 7.5 · AI score 6.5 · EPSS 0.02115
Exploits: 1 · References: 1