7 matches found

Vulnrichment
added 2026/05/05 2:26 a.m. · 6 views

CVE-2026-6702 Publish 2 Ping.fm <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'wpPingPingKey' Parameter

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

CVSS 6.1 · AI score 5.7 · EPSS 0.0012
Exploits: 0 · References: 7

OSV
added 2024/01/16 4:15 p.m. · 5 views

CVE-2021-25117

The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratingsimage parameter from its options page wp-admin/admin.php?page=wp-postratings/postratings-options.php. Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is stil...

CVSS 4.8 · AI score 5.8 · EPSS 0.00224
Exploits: 1 · References: 1

OSV
added 2020/12/21 7:15 a.m. · 2 views

CVE-2020-35589

The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed b...

CVSS 5.4 · AI score 6.1
Exploits: 0 · References: 2

OSV
added 2019/08/08 8:15 p.m. · 5 views

CVE-2019-14682

The acf-better-search aka ACF: Better Search plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbsadminpage CSRF...

CVSS 4.3 · AI score 5.8 · EPSS 0.00745
Exploits: 1 · References: 3

OSV
added 2019/04/15 8:29 p.m. · 4 views

CVE-2018-17584

The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page...

CVSS 8.8 · AI score 5.8 · EPSS 0.00919
Exploits: 1 · References: 3

Positive Technologies
added 2019/04/12 12:0 a.m. · 6 views

PT-2019-8926 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: Events Manager plugin version 5.9.4 Description: The issue concerns a cross-site scripting XSS problem. It is exploited via the dbem event reapproved email body parameter to the "wp-admin/edit.php?post type=event&page=events-manager-options"...

CVSS 4.8 · AI score 5.3 · EPSS 0.01209
Exploits: 1 · References: 7

OSV
added 2018/02/06 2:29 p.m. · 4 views

CVE-2018-6466

A cross-site scripting XSS vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSSset parameter to wp-admin/options-general.php...

CVSS 6.1 · AI score 5.8 · EPSS 0.00918
Exploits: 1 · References: 1