Lucene search
+L

37 matches found

nvd
nvd
added 2025/01/07 5:15 a.m.20 views

CVE-2024-12176

The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wlconfigplugin' AJAX action in all versions up to, and including, 3.54.2. This makes it possible for unauthenticated attackers to update the plugin's settings...

5.3CVSS0.00312EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/01/07 4:22 a.m.6 views

CVE-2024-12176 WordLift – AI powered SEO – Schema <= 3.54.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wlconfigplugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings...

5.3CVSS5.2AI score0.00312EPSS
Exploits0References2
cve
cve
added 2025/01/07 4:22 a.m.50 views

CVE-2024-12176

CVE-2024-12176 (WordLift – AI powered SEO – Schema) details : The WordLift WordPress plugin is vulnerable to unauthorized access via a missing capability check on the wl_config_plugin AJAX action, affecting all versions up to and including 3.54.0. This enables unauthenticated attackers to update ...

5.3CVSS7.2AI score0.00312EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/07 4:22 a.m.20 views

CVE-2024-12176 WordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wlconfigplugin' AJAX action in all versions up to, and including, 3.54.2. This makes it possible for unauthenticated attackers to update the plugin's settings...

5.3CVSS0.00312EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/01/07 12:0 a.m.5 views

WordPress plugin WordLift – AI powered SEO – Schema 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS8.2AI score0.00312EPSS
Exploits0References2
patchstack
patchstack
added 2025/01/06 5:53 p.m.6 views

WordPress WordLift plugin <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WordLift versions = 3.54.2...

5.3CVSS7AI score0.00312EPSS
Exploits0References1Affected Software1
cnvd
cnvd
added 2022/09/28 12:0 a.m.22 views

WordPress WordLift Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS4.9AI score0.00475EPSS
Exploits2References1
nvd
nvd
added 2022/09/26 1:15 p.m.16 views

CVE-2022-3069

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00475EPSS
Exploits2References1
osv
osv
added 2022/09/26 1:15 p.m.5 views

CVE-2022-3069

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00475EPSS
Exploits2References1
prion
prion
added 2022/09/26 1:15 p.m.16 views

Cross site scripting

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.3CVSS5.1AI score0.00475EPSS
Exploits2References1Affected Software1
cve
cve
added 2022/09/26 12:35 p.m.64 views

CVE-2022-3069

The WordLift WordPress plugin prior to version 3.37.2 fails to sanitise/escape settings, enabling cross-site scripting by high-privilege users (e.g., admins). CVE-2022-3069 is documented with a PoC/exploitation note in some sources; remediation is to upgrade to 3.37.2 or later.

4.8CVSS4.7AI score0.00475EPSS
Exploits2References1Affected Software1
vulnrichment
vulnrichment
added 2022/09/26 12:35 p.m.8 views

CVE-2022-3069 Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00475EPSS
Exploits2References1
cvelist
cvelist
added 2022/09/26 12:35 p.m.27 views

CVE-2022-3069 Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting

The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.6AI score0.00475EPSS
Exploits2References1
ptsecurity
ptsecurity
added 2022/09/26 12:0 a.m.5 views

PT-2022-20233 · WordPress · Wordlift

Name of the Vulnerable Software and Affected Versions: WordLift WordPress plugin versions prior to 3.37.2 Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its...

4.8CVSS4.6AI score0.00475EPSS
Exploits2References3
cnnvd
cnnvd
added 2022/09/26 12:0 a.m.4 views

WordPress plugin WordLift 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS6.1AI score0.00475EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/08/31 12:0 a.m.421 views

Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. - Go to publisher and select Create a New Publisher - Add publisher name " - Click on Save Changes - Now...

4.8CVSS0.9AI score0.00475EPSS
Exploits2
wpvulndb
wpvulndb
added 2022/08/31 12:0 a.m.17 views

Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC - Go to publisher and select Create a New Publisher - Add publisher name " - Click on Save Changes...

4.8CVSS1.5AI score0.00475EPSS
Exploits2Affected Software1
Rows per page
Query Builder