6 matches found

Cvelist
added 2026/02/18 8:26 a.m., 32 views

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVSS 5.4, EPSS 0.00284
Exploits: 0, References: 6
wpexploit
added 2023/03/06 12:0 a.m., 120 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low privilege users to access it as well. Log...

CVSS 8.8, AI score 9.1, EPSS 0.00898
Exploits: 2
Github Security Blog
added 2022/05/17 2:51 a.m., 17 views

Magmi XSS Vulnerability

A Cross-Site Scripting (XSS) was discovered in Magmi 0.7.22. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the...

CVSS 6.1, AI score 6.2, EPSS 0.08173
Exploits: 0, References: 6, Affected Software: 1
ATTACKERKB
added 2021/10/11 1:15 p.m., 3 views

CVE-2021-40542

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...

CVSS 6.1, AI score 6.3, EPSS 0.02998
Exploits: 1, References: 3
Openbugbounty
added 2018/06/22 7:31 a.m., 11 views

vosgesemoi.fr Improper Access Control vulnerability

Open Bug Bounty ID: OBB-635275

Description | Value
---|---
Affected Website: | vosgesemoi.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Other
Vulnerability Type: | IAC Improper Access Control / CWE-284
CVSSv3 Score: | 6.5...

AI score 0.1
Exploits: 0
Drupal
added 2013/10/16 3:39 p.m., 7 views

SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities

Context allows you to manage contextual conditions and reactions for different portions of your site. This advisory covers two separate issues. Arbitrary PHP Code Execution: The first, and more severe issue (Highly Critical status), is that the module allows execution of PHP code via manipulation of ...

AI score 6
Exploits: 0, References: 12