Lucene search
+L

412 matches found

Vulnrichment
Vulnrichment
added 2024/12/04 2:40 a.m.9 views

CVE-2024-11093 SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web...

5.5CVSS5.9AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2024/12/04 2:40 a.m.57 views

CVE-2024-11093

CVE-2024-11093 concerns the WordPress plugin SG Helper (versions ≤ 1.0). The vulnerability is a Stored Cross‑Site Scripting via SVG file uploads, caused by insufficient input sanitization and output escaping. It requires authenticated access at Administrator level or higher, and can let the attac...

5.5CVSS5.2AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2024/11/28 9:15 a.m.34 views

CVE-2024-9669

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

7.2CVSS0.00948EPSS
Exploits0References5
CVE
CVE
added 2024/11/28 8:47 a.m.85 views

CVE-2024-9669

The CVE-2024-9669 entry describes an Local JavaScript File Inclusion vulnerability in WordPress File Manager Pro – Filester plugin (versions

7.2CVSS9.1AI score0.00948EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/11/27 11:33 a.m.48 views

CVE-2024-11009

CVE-2024-11009 affects the WordPress plugin Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic), vulnerable to time-based SQL Injection via the post_id parameter in all versions up to and including 1.2.1. The flaw stems from insufficient escaping of the user-supplied...

4.9CVSS7.6AI score0.00433EPSS
Exploits0References3
NVD
NVD
added 2024/11/26 2:15 p.m.15 views

CVE-2024-9461

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the croninterval parameter. This is due to missing input validation and sanitization. This makes it possible f...

7.2CVSS0.01012EPSS
Exploits0References2
CVE
CVE
added 2024/11/26 1:56 p.m.57 views

CVE-2024-9461

CVE-2024-9461 affects the WordPress plugin “Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid.” All versions up to and including 1.16.6 are vulnerable to Remote Code Execution via the cron_interval parameter due to missing input validation/sanitization. Exploitation requir...

7.2CVSS7.2AI score0.01012EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/11/16 10:15 a.m.16 views

CVE-2024-9887

The Login using WordPress Users WP as SAML IDP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

7.2CVSS0.00492EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/15 3:58 p.m.24 views

CVE-2022-20652 Cisco Tetration Command Injection Vulnerability

A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...

6.5CVSS7.4AI score0.01315EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/13 2:2 a.m.12 views

CVE-2024-10038 WP-Strava <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

6.1CVSS5.9AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2024/11/09 7:15 a.m.17 views

CVE-2024-9874

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.2CVSS0.00708EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/09 2:32 a.m.14 views

CVE-2024-9775 Anih - Creative Agency WordPress Theme <= 2024 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist, insufficient input sanitization, and output escaping. This makes it possible for authenticated...

5.5CVSS5.8AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2024/10/30 11:15 a.m.21 views

CVE-2024-8512

The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization function. This is due to the plugin passing user supplied input to eval. This makes it possible for authenticated...

9.1CVSS0.00952EPSS
Exploits0References3
NVD
NVD
added 2024/10/28 2:15 p.m.29 views

CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...

4.9CVSS0.00684EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/28 12:0 a.m.10 views

CVE-2024-34537

TYPO3 before 13.3.1 allows denial of service interface error in the Bookmark Toolbar ext:backend, exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...

7.1AI score0.00684EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/10/26 8:36 a.m.17 views

CVE-2024-8392 WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.6 - Authenticated (Admin+) Local File Inclusion

The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.6 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and...

7.2CVSS0.00665EPSS
Exploits0References3
CVE
CVE
added 2024/10/26 8:36 a.m.42 views

CVE-2024-8392

CVE-2024-8392 affects WordPress plugin “Sogrid” (Post Grid Layouts with Pagination) for WordPress. The vulnerability is a Local File Inclusion (LFI) via the tab parameter in all versions up to and including 1.5.2, requiring Administrator-level access or higher. This enables an authenticated attac...

7.2CVSS6.5AI score0.00665EPSS
Exploits0References3
NVD
NVD
added 2024/10/23 6:15 p.m.18 views

CVE-2024-20472

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS0.00436EPSS
Exploits0References1
NVD
NVD
added 2024/10/23 6:15 p.m.24 views

CVE-2024-20471

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/23 5:50 p.m.24 views

CVE-2024-20472

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not validat...

6.5CVSS0.00436EPSS
Exploits0References1
Rows per page
Query Builder