
Prion
added 2024/02/23 7:15 a.m. · 13 views

SQL injection

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 5.8 · AI score 7.5 · EPSS 0.00562
Exploits 0 · References 2
CVE
added 2024/02/23 6:48 a.m. · 81 views

CVE-2024-1778

CVE-2024-1778 affects the WordPress plugin “Admin side data storage for Contact Form 7.” The vulnerability is due to a missing capability check in the zt_dcfcf_change_bookmark() function, enabling unauthenticated actors to modify bookmark statuses in all versions up to 1.1.1. Multiple connected s...

CVSS 5.3 · AI score 5.3 · EPSS 0.00375
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/02/20 12:00 a.m. · 7 views

The vulnerability of the log management function of the email audit platform MailSherlock allows a perpetrator to execute arbitrary commands.

The vulnerability of the log management function of the email audit platform MailSherlock is related to the lack of data cleaning measures at the administrative level. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary commands...

CVSS 8.3 · AI score 7.4 · EPSS 0.00928
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/02/14 12:00 a.m. · 7 views

The vulnerability of the XWiki platform for creating collaborative web applications lies in the lack of protection for administrative data. This allows attackers to disclose information about users’ email addresses.

The vulnerability of the XWiki Platform lies in the lack of protection for user data. Exploiting this vulnerability could allow a malicious actor to obtain information about users’ email addresses remotely...

CVSS 5.3 · AI score 5.9 · EPSS 0.59119
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/02/09 8:15 p.m. · 38 views

CVE-2024-1246

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

CVSS 4.8 · AI score 4 · EPSS 0.00453
Exploits 0 · References 2
OSV
added 2023/12/26 7:15 p.m. · 4 views

CVE-2023-5644

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users...

CVSS 7.6 · AI score 5.8 · EPSS 0.00499
Exploits 2 · References 1
Positive Technologies
added 2023/12/26 12:00 a.m. · 9 views

PT-2023-32233 · WordPress · Wp Mail Log

Name of the Vulnerable Software and Affected Versions: WP Mail Log WordPress plugin versions prior to 1.1.3. Description: The issue arises from incorrect authorization of REST API endpoints in the WP Mail Log WordPress plugin, allowing users with the Contributor role to view and delete data that...

CVSS 7.6 · AI score 7 · EPSS 0.00499
Exploits 2 · References 7
CNNVD
added 2023/12/08 12:00 a.m. · 6 views

EverShop Security Breach

EverShop is an open source NodeJS e-commerce platform. A security vulnerability exists in EverShop versions prior to v.1.0.0-rc.5. A remote attacker can exploit this vulnerability to obtain sensitive information from the admin panel via a specially crafted script...

CVSS 6.1 · AI score 6.4 · EPSS 0.00494
Exploits 0 · References 3
OSV
added 2023/06/27 5:15 p.m. · 3 views

CVE-2023-35800

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...

CVSS 4.3 · AI score 5.8 · EPSS 0.00385
Exploits 0 · References 2
CNNVD
added 2023/06/27 12:00 a.m. · 4 views

Stormshield Endpoint Security Security Vulnerability

Stormshield Endpoint Security is a product line of enhanced workstation and server security from the French company Stormshield. A security vulnerability exists in Stormshield Endpoint Security Evolution versions 2.0.0 through 2.3.2, which stems from an ACL entry on the SES Evolution agent...

CVSS 4.3 · AI score 5.2 · EPSS 0.00385
Exploits 0 · References 2
BDU FSTEC
added 2023/06/26 12:00 a.m. · 9 views

The vulnerability of the GLPI system’s request and incident handling process, related to improper input cancellation during the generation of web pages, allows attackers to carry out attacks using cross-site scripts.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data in the administration panel. Users can inject and execute arbitrary HTML and scripts in the user’s browser within the context of the vulnerable website. Exploiting this...

CVSS 4.8 · AI score 6.7 · EPSS 0.00538
Exploits 0 · References 6 · Affected Software 2
CNNVD
added 2023/06/15 12:00 a.m. · 5 views

WordPress plugin Admin side data storage for Contact Form Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 7.1 · AI score 6.7 · EPSS 0.00382
Exploits 0 · References 2
OSV
added 2023/03/16 1:15 p.m. · 3 views

CVE-2023-1431

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location /wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/...

CVSS 5.3 · AI score 6.6 · EPSS 0.00549
Exploits 0 · References 2
Prion
added 2023/02/20 10:15 a.m. · 21 views

Cross site scripting

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

CVSS 5.8 · AI score 6.5 · EPSS 0.00489
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2023/02/20 9:31 a.m. · 8 views

CVE-2015-10080 NREL api-umbrella-web Admin Data Table cross site scripting

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

CVSS 4 · AI score 6.3 · EPSS 0.00489
Exploits 0 · References 4
Cvelist
added 2023/02/20 9:31 a.m. · 20 views

CVE-2015-10080 NREL api-umbrella-web Admin Data Table cross site scripting

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

CVSS 4 · AI score 6.1 · EPSS 0.00489
Exploits 0 · References 4
CNNVD
added 2023/02/20 12:00 a.m. · 2 views

API Umbrella Web Cross-Site Scripting Vulnerability

API Umbrella Web is an open source library from the National Renewable Energy Laboratory. A cross-site scripting vulnerability exists in API Umbrella Web version 0.7.1, which stems from an issue with an unknown portion of the component Admin Data Table Handler that can lead to a cross-site scripting...

CVSS 6.1 · AI score 4.6 · EPSS 0.00489
Exploits 0 · References 5
Cvelist
added 2022/08/26 3:25 p.m. · 24 views

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values...

AI score 8.8 · EPSS 0.00728
Exploits 0 · References 1
OSV
added 2022/05/24 5:34 p.m. · 1 view

GHSA-2RR8-9C6G-8J5C Missing Authorization in Crafter CMS

In Crafter CMS Crafter Studio 3.0 prior to 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data...

CVSS 6.5 · AI score 5.9 · EPSS 0.00744
Exploits 0 · References 2
ATTACKERKB
added 2022/04/04 4:15 p.m. · 4 views

CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling the Amelia SMS service, allowing any customer to send paid test SMS notifications as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...

CVSS 5.5 · AI score 5.9 · EPSS 0.00609
Exploits 2 · References 2