Lucene search
K

285 matches found

Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.6 views

PT-2025-3712 · WordPress · Enable Accessibility

Name of the Vulnerable Software and Affected Versions: Enable Accessibility plugin for WordPress versions up to, and including, 1.4.1 Description: The issue arises from the use of add query arg and remove query arg without proper escaping on the URL, allowing unauthenticated attackers to inject...

6.1CVSS6.7AI score0.00285EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.7 views

PT-2024-17428 · WordPress · Analytics Cat

Name of the Vulnerable Software and Affected Versions: Analytics Cat – Google Analytics Made Easy plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL...

6.1CVSS6.9AI score0.00291EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/07 12:0 a.m.3 views

PT-2024-16944 · WordPress · Twchat

Name of the Vulnerable Software and Affected Versions: TWChat – Send or receive messages from users plugin for WordPress versions up to, and including, 4.0.4 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the...

6.1CVSS6.8AI score0.00275EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/12/07 12:0 a.m.5 views

WordPress plugin افزونه پیامک ووکامرس Persian WooCommerce SMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin.... WordPress plugin افزونه پیامک...

6.1CVSS7.5AI score0.00355EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/07 12:0 a.m.4 views

WordPress plugin TWChat 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.1CVSS7.5AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/07 12:0 a.m.7 views

PT-2024-15994 · WordPress · Persian Woocommerce Sms

Name of the Vulnerable Software and Affected Versions: Persian WooCommerce SMS plugin for WordPress versions up to, and including, 7.0.5 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the URL. This allows...

6.1CVSS6.5AI score0.00355EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/12/06 1:17 p.m.3 views

WordPress 워드프레스 결제 심플페이 plugin <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin 워드프레스 결제 심플페이 versions = 5.2.2...

6.1CVSS6.3AI score0.0036EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.3 views

WordPress plugin Splash Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

6.1CVSS7.5AI score0.0038EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.4 views

WordPress plugin ForumWP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

6.1CVSS7.6AI score0.00387EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/06 12:0 a.m.4 views

PT-2024-16940 · WordPress · Splash Sync

Name of the Vulnerable Software and Affected Versions: Splash Sync plugin for WordPress versions up to, and including, 2.0.6 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts into page...

6.1CVSS6.8AI score0.0038EPSS
Exploits0References6
OSV
OSV
added 2024/12/04 11:30 a.m.3 views

CVE-2024-52273

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 setDoublePppoeConfig-guestipcheckoverflow arg: mask modules allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50...

9.8CVSS5.8AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2024/11/28 9:15 a.m.6 views

CVE-2024-11685

The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attacker...

6.1CVSS5.9AI score0.0034EPSS
Exploits0References2
OSV
OSV
added 2024/11/26 5:15 p.m.9 views

UBUNTU-CVE-2024-11407

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network...

7.5CVSS7.1AI score0.00576EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/25 9:51 p.m.5 views

WordPress Parsi Date plugin <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Plugin Parsi Date versions = 5.1.1...

6.1CVSS6.3AI score0.00449EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.6 views

WordPress plugin Premium Packages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1CVSS7.6AI score0.00507EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.8 views

The vulnerabilities of the functions ate_Tenda_mfg_check_usb() and ate_Tenda_mfg_check_usb3() (/goform/ate) in the Tenda AC1206 router’s microprogramming software allow a attacker to execute arbitrary code or cause service failures.

The vulnerability of the functions ateTendamfgcheckusb and ateTendamfgcheckusb3 /goform/ate of the Tenda AC1206 router’s microprogramming software lies in the fact that the operation outputs outside the buffer in memory when processing the parameter arg. Exploiting this vulnerability allows a...

9CVSS7.4AI score0.01222EPSS
Exploits1References8Affected Software1
Patchstack
Patchstack
added 2024/11/21 10:18 p.m.5 views

WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg vulnerability

Reflected Cross-Site Scripting via addqueryarg vulnerability discovered by Peter Thaleikis in WordPress Plugin WPDM – Premium Packages versions = 5.9.3...

6.1CVSS6.3AI score0.00507EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/21 11:15 a.m.4 views

CVE-2024-11371

The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1CVSS7.4AI score0.00582EPSS
Exploits0References3
OSV
OSV
added 2024/11/21 11:15 a.m.5 views

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

6.1CVSS7.4AI score0.00574EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.6 views

PT-2024-17007 · WordPress · Contestswp

Name of the Vulnerable Software and Affected Versions: ContestsWP plugin for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without proper escaping on the URL. This allows unauthenticated attackers...

6.1CVSS8.7AI score0.00416EPSS
Exploits0References3
Rows per page
Query Builder