Lucene search
K

171 matches found

CVE
CVE
added 2023/12/20 5:27 p.m.40 views

CVE-2023-26525

CVE-2023-26525 concerns the WordPress Dokan plugin (Best WooCommerce Multivendor Marketplace) with an SQL Injection vulnerability in versions up to and including 3.7.12. The underlying issue is improper neutralization of input in SQL commands, exploitable by an authenticated attacker with vendor ...

8.1CVSS8.2AI score0.0057EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.7 views

PT-2023-20701 · Wedevs · Wedevs Dokan

Name of the Vulnerable Software and Affected Versions: weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy versions n/a through 3.7.12 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also...

8.1CVSS8.1AI score0.0057EPSS
Exploits0References5
CVE
CVE
added 2023/12/19 7:40 p.m.39 views

CVE-2023-34382

The Dokan WordPress plugin (Dokan – Best WooCommerce Multivendor Marketplace Solution) is affected up to version 3.7.19. The issue is a PHP Object Injection due to insecure deserialization of untrusted data in the plugin’s codebase. This vulnerability can impact confidentiality, integrity, and av...

8.8CVSS8.1AI score0.00689EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/14 4:18 p.m.71 views

CVE-2023-49860

CVE-2023-49860 affects the WordPress plugin WP Project Manager – Task, team, and project management plugin (weDevs) up to version 2.6.7 . The vulnerability is an improper neutralization of input during web page generation, resulting in a stored Cross-Site Scripting (XSS) condition. Public referen...

6.5CVSS6.7AI score0.00385EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.6 views

PT-2023-31399 · Wedevs · Wedevs Wp Project Manager

Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts versions through 2.6.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known ...

6.5CVSS6.2AI score0.00385EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/11/03 12:15 p.m.3 views

CVE-2023-34383

A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through = 2.6.0...

9.8CVSS8.6AI score0.00554EPSS
Exploits0References3
NVD
NVD
added 2023/11/03 12:15 p.m.15 views

CVE-2023-34383

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0...

9.8CVSS9.8AI score0.00554EPSS
Exploits0References1
Prion
Prion
added 2023/11/03 12:15 p.m.17 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0...

7.5CVSS9.7AI score0.00554EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/03 11:11 a.m.16 views

CVE-2023-34383 WordPress WP Project Manager plugin <= 2.6.0 - SQL Injection vulnerability

A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through = 2.6.0...

8.5CVSS8.6AI score0.00554EPSS
Exploits0References1
CVE
CVE
added 2023/11/03 11:11 a.m.51 views

CVE-2023-34383

CVE-2023-34383 affects the WordPress plugin WP Project Manager (weDevs) up to version 2.6.0. It is a SQL Injection vulnerability caused by improper neutralization of input in SQL commands, leading to unauthorized data access or manipulation when exploited by authenticated users (Subscriber+). Pub...

9.8CVSS8.9AI score0.00554EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/03 12:0 a.m.7 views

PT-2023-24853 · Wedevs · Wedevs Wp Project Manager

Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager versions through 2.6.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

9.8CVSS10AI score0.00554EPSS
Exploits0References6
NVD
NVD
added 2023/08/30 3:15 p.m.21 views

CVE-2023-34008

Unauth. Reflected Cross-Site Scripting XSS vulnerability in weDevs WP ERP plugin = 1.12.3 versions...

7.1CVSS6.2AI score0.00454EPSS
Exploits1References1
CVE
CVE
added 2023/08/30 2:50 p.m.49 views

CVE-2023-34008

CVE-2023-34008 affects the WordPress WP ERP plugin, with unauthenticated reflected Cross-Site Scripting (XSS) in versions

7.1CVSS6AI score0.00454EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/08/30 2:50 p.m.6 views

CVE-2023-34008 WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in weDevs WP ERP plugin = 1.12.3 versions...

7.1CVSS5.9AI score0.00454EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/08/30 2:50 p.m.26 views

CVE-2023-34008 WordPress WP ERP Plugin <= 1.12.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in weDevs WP ERP plugin = 1.12.3 versions...

7.1CVSS6.3AI score0.00454EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.6 views

PT-2023-24627 · Wedevs · Wedevs Wp Erp

Name of the Vulnerable Software and Affected Versions: weDevs WP ERP plugin versions = 1.12.3 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This allows for malicious scripts to be injected into a website, potentially leading to unauthorized...

7.1CVSS6.1AI score0.00454EPSS
Exploits1References5
Wordfence Blog
Wordfence Blog
added 2023/08/09 6:4 p.m.40 views

weDevs Addresses Privilege Escalation Vulnerability in WP Project Manager WordPress Plugin

On July 9, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a Privilege Escalation vulnerability in weDevs’s WP Project Manager plugin, which is actively installed on more than 10,000 WordPress websites. This vulnerability makes it possible...

6.5CVSS6.9AI score0.00689EPSS
Exploits1
NVD
NVD
added 2023/07/10 4:15 p.m.47 views

CVE-2023-28989

Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References1
Prion
Prion
added 2023/07/10 4:15 p.m.25 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...

6.8CVSS8.8AI score0.00309EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/10 12:51 p.m.36 views

CVE-2023-28989

CVE-2023-28989 is a CSRF vulnerability in the WordPress plugin Happy Addons for Elementor (weDevs) affecting versions

8.8CVSS6.5AI score0.00309EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder