Lucene search
K

106 matches found

Positive Technologies
Positive Technologies
added 2024/12/31 12:0 a.m.4 views

PT-2024-36753 · Unknown · Marketingfire Widget Options

Name of the Vulnerable Software and Affected Versions: MarketingFire Widget Options versions 4.0.6.1 and earlier Description: The issue is related to a missing authorization vulnerability in MarketingFire Widget Options, which allows exploiting incorrectly configured access control security level...

4.3CVSS9.4AI score0.00333EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/12/19 12:6 p.m.6 views

WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Widget Options versions = 4.0.6.1...

4.3CVSS7AI score0.00333EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.4 views

WordPress plugin KiviCare SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS8.8AI score0.00571EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/06 12:0 a.m.7 views

The vulnerability of the eval() function in the Widget Options plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the eval function in the Widget Options plugin of the WordPress content management system is related to improper handling of code generation due to incorrect validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

9.9CVSS8.5AI score0.43797EPSS
Exploits1References7Affected Software1
GithubExploit
GithubExploit
added 2024/12/02 7:59 p.m.109 views

Exploit for CVE-2024-8672

CVE-2024-8672: Authenticated Contributor Remote Code Execution...

9.9CVSS9.9AI score0.43797EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/11/28 9:47 a.m.17 views

CVE-2024-8672 Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution

The Widget Options – The 1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply inp...

9.9CVSS7.9AI score0.43797EPSS
Exploits1References5
CVE
CVE
added 2024/11/28 9:47 a.m.114 views

CVE-2024-8672

CVE-2024-8672 affects the WordPress plugin “Widget Options – The #1 WordPress Widget & Block Control Plugin” (versions

9.9CVSS9.6AI score0.43797EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/28 12:0 a.m.6 views

WordPress plugin Widget Options 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exist...

9.9CVSS9.2AI score0.43797EPSS
Exploits1References5
Patchstack
Patchstack
added 2024/11/27 11:22 p.m.9 views

WordPress Widget Options plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution vulnerability

Authenticated Contributor+ Remote Code Execution vulnerability discovered by Webbernaut in WordPress Plugin Widget Options versions = 4.0.7...

9.9CVSS7.5AI score0.43797EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/11/27 12:0 a.m.40 views

WordPress Widget Options Plugin <= 4.0.7 is vulnerable to Remote Code Execution (RCE)

Software Widget Options Type Plugin Vulnerable versions = 4.0.7 Fixed in 4.0.8 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8672 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 44c40aa090ca Credits Webbernaut Required privilege...

7.6AI score0.43797EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.13 views

Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure

Description The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 5.1.3 exclusive for Widget Options - Extended and all versions up to, and including, 4.0.1 for Widget Options. This makes it possible for unauthenticated attackers ...

6.5CVSS6.3AI score0.00422EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/06/08 3:15 p.m.36 views

CVE-2024-35691

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0...

6.5CVSS0.00422EPSS
Exploits0References2
CVE
CVE
added 2024/06/08 2:38 p.m.59 views

CVE-2024-35691

Technical details about CVE-2024-35691 are not provided in the connected documents. Public information in the initial record is limited to a generic exposure claim for Widget Options - Extended up to version 5.1.0. Monitor for updates and official advisories.

6.5CVSS5.5AI score0.00422EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/08 12:0 a.m.6 views

WordPress plugin Widget Options - Extended Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

6.5CVSS6.2AI score0.00422EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/06/06 9:54 a.m.6 views

WordPress Widget Options Extended plugin <= 5.1.0 - Subscriber+ User Meta Data Exposure Vulnerability

Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options - Extended versions = 5.1.0...

6.5CVSS6.9AI score0.00422EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 9:54 a.m.6 views

WordPress Widget Options Extended plugin <= 5.1.0 - Subscriber+ Private/Draft Post Exposure Vulnerability

Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options - Extended versions = 5.1.0...

6.5CVSS6.9AI score0.00422EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 9:52 a.m.7 views

WordPress Widget Options plugin <= 4.0.1 - Subscriber+ Private/Draft Post Exposure Vulnerability

Subscriber+ Private/Draft Post Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...

6.9AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 9:51 a.m.6 views

WordPress Widget Options plugin <= 4.0.1 - Subscriber+ User Meta Data Exposure Vulnerability

Subscriber+ User Meta Data Exposure Vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Widget Options versions = 4.0.1...

6.9AI score0.00294EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.15 views

WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure

Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3582bb729f7f Credits Dave Jong...

6.5CVSS6.4AI score0.00422EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/06 12:0 a.m.19 views

WordPress Widget Options - Extended Plugin <= 5.1.0 is vulnerable to Sensitive Data Exposure

Software Widget Options - Extended Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.3 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-35691 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 80da7493f574 Credits Dave Jong...

6.5CVSS6.4AI score0.00422EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder