Lucene search
+L

412 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:32 a.m.10 views

CVE-2024-7618

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it...

4.8CVSS5.8AI score0.00317EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:27 a.m.11 views

CVE-2024-20478

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...

7.2CVSS8AI score0.0074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:56 a.m.10 views

CVE-2024-6011

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.8AI score0.00436EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.10 views

CVE-2024-6669

The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS5.8AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.7 views

CVE-2024-12581

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS5.8AI score0.0046EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:48 a.m.14 views

CVE-2024-20473

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS7.7AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.7 views

CVE-2024-0612

The Content Views – Post Grid, Slider, Accordion Gutenberg Blocks and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS5.8AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.9 views

CVE-2024-0703

The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.8AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:18 a.m.7 views

CVE-2024-8680

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS5.7AI score0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.4 views

CVE-2023-6494

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:32 a.m.9 views

CVE-2022-4619

The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS5.8AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.12 views

CVE-2022-4697

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpusercoverdefaultimageurl’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS5.8AI score0.00679EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:29 p.m.9 views

CVE-2022-24260

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level...

10CVSS8.1AI score0.49992EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 p.m.8 views

CVE-2020-6960

The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch,...

9.8CVSS8AI score0.0114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:43 a.m.16 views

CVE-2025-4477

The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...

8.6CVSS7.3AI score0.00413EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/21 12:0 a.m.5 views

PT-2025-22341 · WordPress · The Glossary

Name of the Vulnerable Software and Affected Versions: The Glossary by WPPedia – Best Glossary plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the posttypes parameter. This allows...

7.2CVSS7.2AI score0.00569EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/05/19 5:58 a.m.6 views

CVE-2025-4477 TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation

The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...

8.6CVSS7.2AI score0.00413EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/19 5:58 a.m.21 views

CVE-2025-4477 TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation

The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API...

8.6CVSS0.00413EPSS
Exploits0References2
CVE
CVE
added 2025/05/19 5:58 a.m.52 views

CVE-2025-4477

CVE-2025-4477 concerns ThreatSonar Anti-Ransomware (TeamT5). Affected component is the API authorization/privilege management, where improper handling of specific API privileges allows remote attackers with intermediate privileges to escalate to administrator level via a particular API. Related e...

8.6CVSS7.1AI score0.00413EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/25 6:45 a.m.29 views

CVE-2025-2238 Vikinger <= 1.9.30 - Authenticated (Subscriber+) Privilege Escalation via 'vikinger_user_meta_update_ajax'

The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient usermeta restrictions in the 'vikingerusermetaupdateajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

8.8CVSS0.00342EPSS
Exploits0References2
Rows per page
Query Builder