Lucene search
+L

102 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2017-14725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. CVE-2017-14725 Note that...

5.4CVSS7AI score0.02277EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:59 a.m.14 views

CVE-2023-3170

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

4.8CVSS5.8AI score0.00377EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:57 p.m.9 views

CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6.2AI score0.00511EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.13 views

CVE-2021-32790

Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site can exploit vulnerable...

4.9CVSS7.4AI score0.01265EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.6 views

CVE-2024-8085 PeoplePond <= 1.1.9 - CSRF to Stored XSS

The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1AI score0.00143EPSS
Exploits1References1
NVD
NVD
added 2025/03/24 2:15 p.m.10 views

CVE-2025-30552

Cross-Site Request Forgery CSRF vulnerability in Donald Gilbert WordPress Admin Bar Improved wordpress-admin-bar-improved allows Stored XSS.This issue affects WordPress Admin Bar Improved: from n/a through = 3.3.5...

7.1CVSS0.00178EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 1:46 p.m.59 views

CVE-2025-30552

CVE-2025-30552: A Cross-Site Request Forgery (CSRF) leading to Stored XSS in WordPress Admin Bar Improved. Affected: WordPress Admin Bar Improved versions up to 3.3.5 (range includes n/a through 3.3.5). Nature: CSRF vulnerability that can result in stored XSS. Severity: CVSS v3.1 base score 7.1 (...

7.1CVSS7.2AI score0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 1:46 p.m.32 views

CVE-2025-30552 WordPress WordPress Admin Bar Improved plugin <= 3.3.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Donald Gilbert WordPress Admin Bar Improved wordpress-admin-bar-improved allows Stored XSS.This issue affects WordPress Admin Bar Improved: from n/a through = 3.3.5...

7.1CVSS0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.6 views

WordPress plugin WordPress Admin Bar Improved 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WordPress Admin B...

7.1CVSS8.1AI score0.00178EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/02/20 9:41 a.m.513 views

Exploit for CVE-2024-2961

PHP file-read to RCE CVE-2024-2961 TODO Parse LIBC to kn...

7.3CVSS7.8AI score0.8833EPSS
Exploits16
Vulnrichment
Vulnrichment
added 2025/01/16 8:7 p.m.6 views

CVE-2025-23832 WordPress Admin Cleanup plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Matt Gibbs Admin Cleanup admin-cleanup allows Stored XSS.This issue affects Admin Cleanup: from n/a through = 1.0.2...

7.1CVSS7.2AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/16 8:7 p.m.18 views

CVE-2025-23832 WordPress Admin Cleanup plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Matt Gibbs Admin Cleanup admin-cleanup allows Stored XSS.This issue affects Admin Cleanup: from n/a through = 1.0.2...

7.1CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 6:0 a.m.7 views

CVE-2024-12731 aklamator-infeed <= 2.0.0 - Reflected XSS

The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00356EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/12/27 12:0 a.m.4 views

PT-2024-17347

Name of the Vulnerable Software and Affected Versions GiveWP WordPress plugin versions prior to 3.19.0 Description The issue arises from the plugin's failure to properly sanitise and escape a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting error,...

4.8CVSS7.2AI score0.00794EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2024/12/16 2:13 p.m.9 views

CVE-2024-54431 WordPress Admin Customization plugin <= 2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through = 2.2...

7.1CVSS8.6AI score0.00206EPSS
Exploits0References1
CVE
CVE
added 2024/12/16 2:13 p.m.46 views

CVE-2024-54431

CVE-2024-54431 is a CSRF-to-Stored-XSS vulnerability in the Admin Customization plugin for Admin Customization: from n/a through 2.2. The issue, described in connected documents as a Cross-Site Request Forgery vulnerability that enables Stored XSS, affects the Admin Customization plugin before or...

7.1CVSS7.2AI score0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/19 4:32 p.m.9 views

CVE-2024-51637 WordPress Admin SMS Alert plugin <= 1.1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sroyalty Admin SMS Alert admin-sms-alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through = 1.1.0...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.12 views

WordPress Admin Amplify Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Admin Amplify Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51691 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6902915ddda2 Credits João Pedro S Alcântara Kinorth...

7.1CVSS6.9AI score0.00259EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/15 12:0 a.m.10 views

WordPress Admin Management Xtended Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)

Software Admin Management Xtended Type Plugin Vulnerable versions = 2.4.6 Fixed in 2.4.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49307 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 966456ab80af Credits Trương Hữu Phúc truonghuuphuc...

6.5CVSS6.5AI score0.00235EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/29 12:0 a.m.8 views

WordPress Admin Trim Interface Plugin <= 3.5.1 is vulnerable to Sensitive Data Exposure

Software Admin Trim Interface Type Plugin Vulnerable versions = 3.5.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6545 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 4e884f0bbd90 Credits stealthcopter Required...

5.3CVSS6.6AI score0.00373EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder