Lucene search
K

62 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

4.8CVSS5.9AI score0.00856EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-25710

Malware in sbrugna...

5.5CVSS5AI score0.011EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-25693

Malware in sbrugna...

5.5CVSS5.2AI score0.00508EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4577

Malicious code in bioql PyPI...

3.5CVSS6.6AI score0.00561EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:12 p.m.6 views

CVE-2021-21992

The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...

6.8CVSS6.9AI score0.00944EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:46 a.m.7 views

CVE-2019-6616

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite critical system files on BIG-IP which can result in bypass of whitelist / blacklist restrictions enforced by appliance mode...

7.2CVSS7AI score0.01596EPSS
Exploits0References1
CVE
CVE
added 2025/03/07 7:22 a.m.65 views

CVE-2025-1309

CVE-2025-1309 affects UiPress lite for WordPress. A missing capability check in uip_save_form_as_option() in all versions up to 3.5.04 allows authenticated users with Subscriber-level access or higher to modify arbitrary options, enabling privilege escalation (e.g., changing the default registrat...

8.8CVSS7.4AI score0.00429EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/28 8:23 a.m.39 views

CVE-2024-9193 WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS0.03111EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/12 12:0 a.m.5 views

CVE-2024-34521

A directory traversal vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R10240, which allows an administrative user to access system files with the file permissions of the privileged system user running the application...

4AI score0.00561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:26 a.m.7 views

CVE-2024-12155

The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settingsimport function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to...

9.8CVSS7.3AI score0.01197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:14 a.m.7 views

CVE-2024-10589

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...

9.8CVSS7.1AI score0.00473EPSS
Exploits0References1
NVD
NVD
added 2024/11/19 12:15 p.m.18 views

CVE-2024-11194

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtclimportsettings' function in all versions up to, and including, 3.1.15.1. This...

8.8CVSS0.00548EPSS
Exploits0References4
CVE
CVE
added 2024/11/19 11:32 a.m.59 views

CVE-2024-11194

CVE-2024-11194 affects the WordPress plugin Classified Listing – Classified ads & Business Directory Plugin (versions

8.8CVSS8.8AI score0.00548EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/09 7:35 a.m.15 views

CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...

9.8CVSS7.4AI score0.00473EPSS
Exploits0References2
NVD
NVD
added 2024/10/25 7:15 a.m.26 views

CVE-2024-9235

The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8CVSS0.00482EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/10/25 6:51 a.m.28 views

CVE-2024-9235 Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update

The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapsterwpmapssetoptionfromjs function in all versions up to, and including, 1.5.0. This makes it possible for...

8.8CVSS0.00482EPSS
Exploits0References5
NVD
NVD
added 2024/07/11 12:15 a.m.25 views

CVE-2024-6447

The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related...

7.2CVSS0.00509EPSS
Exploits0References4
Prion
Prion
added 2022/06/13 2:15 p.m.27 views

Cross site scripting

The Google Tag Manager for WordPress GTM4WP plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the /public/frontend.php file which allowed attackers with administrative user access to inject arbitrary web...

3.5CVSS4.8AI score0.01071EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/01/18 5:15 p.m.24 views

CVE-2022-0210

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...

4.8CVSS0.04362EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/01/18 4:52 p.m.27 views

CVE-2022-0210 Random Banner <= 4.1.4 Admin+ Stored Cross-Site Scripting

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...

4.8CVSS5.1AI score0.04362EPSS
Exploits1References3
Rows per page
Query Builder