Lucene search
K

95 matches found

OSV
OSV
added 2024/09/14 9:15 a.m.5 views

CVE-2023-3410

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...

5.4CVSS5.9AI score0.00299EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.5 views

PT-2024-38455 · Peepso · The Community By Peepso

Name of the Vulnerable Software and Affected Versions: The Community by PeepSo plugin for WordPress versions up to, and including, 6.4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the content parameter due to insufficient input sanitization and output escaping. This...

4.8CVSS5.9AI score0.00317EPSS
Exploits0References11
OSV
OSV
added 2024/08/30 7:15 a.m.7 views

CVE-2024-8016

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...

7.2CVSS6AI score0.00748EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/27 12:0 a.m.7 views

PT-2024-37686 · Fluent Forms · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

5.5CVSS5.9AI score0.00321EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.3 views

PT-2024-37278 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw in the LDAP testing endpoint allows an attacker with admin access to change the LDAP host URL to a machine they control, potentially leaking domain credentials. This can be achieved...

2.7CVSS6.4AI score0.00649EPSS
Exploits0References20
OSV
OSV
added 2024/04/16 1:15 p.m.3 views

CVE-2024-3067

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

7.2CVSS5.8AI score0.00684EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/06 12:0 a.m.10 views

PT-2024-19630 · 10Web · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.21 Description: The issue is related to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization...

5.5CVSS8.1AI score0.00436EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.7 views

PT-2024-22937 · WordPress · The Simple Ajax Chat

Name of the Vulnerable Software and Affected Versions: The Simple Ajax Chat – Add a Fast, Secure Chat Box plugin for WordPress versions up to, and including, 20231101 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and...

4.4CVSS7.9AI score0.0033EPSS
Exploits0References6
OSV
OSV
added 2024/02/27 9:15 a.m.7 views

CVE-2023-7167

The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS7.3AI score0.00396EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.5 views

PT-2024-14831 · WordPress · Backwpup

Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.2 Description: The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to...

2.7CVSS5AI score0.00449EPSS
Exploits0References5
OSV
OSV
added 2024/02/23 7:15 a.m.9 views

CVE-2024-1776

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

7.2CVSS7.3AI score0.00562EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.5 views

PT-2024-20760 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.57 ELTS TYPO3 versions prior to 9.5.46 ELTS TYPO3 versions prior to 10.4.43 ELTS TYPO3 versions prior to 11.5.35 LTS TYPO3 versions prior to 12.4.11 LTS TYPO3 versions prior to 13.0.1 Description: The plaintext val...

4.9CVSS7.2AI score0.00363EPSS
Exploits0References14
OSV
OSV
added 2024/02/05 10:16 p.m.4 views

CVE-2024-0668

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

7.2CVSS6AI score0.01139EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.6 views

PT-2024-15730 · WordPress · Meks Smart Social Widget

Name of the Vulnerable Software and Affected Versions: Meks Smart Social Widget plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the Meks Smart Social Widget, caused by insufficient input sanitization and output escapin...

4.8CVSS5.4AI score0.00304EPSS
Exploits0References8
OSV
OSV
added 2023/10/20 7:15 a.m.5 views

CVE-2023-5120

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

4.8CVSS7.2AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2023/10/02 11:15 a.m.2 views

CVE-2023-44265

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Popup contact form plugin = 7.1 versions...

4.8CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2023/08/10 12:15 p.m.5 views

CVE-2023-36530

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smartypants SP Project & Document Manager plugin = 4.67 versions...

4.8CVSS5.8AI score0.00366EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/29 3:15 a.m.4 views

CVE-2022-46408

Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...

6.8CVSS7.3AI score0.00924EPSS
Exploits0References2
OSV
OSV
added 2023/06/22 3:15 p.m.5 views

CVE-2023-34170

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin = 3.5.7 versions...

4.8CVSS7.3AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2023/06/16 9:15 a.m.3 views

CVE-2023-25963

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JoomSky JS Job Manager plugin = 2.0.0 versions...

4.8CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder