Lucene search
K

134 matches found

Cvelist
Cvelist
added 2025/05/27 1:48 a.m.18 views

CVE-2025-4682 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output...

6.4CVSS0.00319EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:23 p.m.9 views

CVE-2025-20112

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attack...

5.1CVSS7.1AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:56 a.m.10 views

CVE-2024-2239

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.6 views

CVE-2024-22544

An issue was discovered in Linksys Router E1700 version 1.0.04 build 3, allows authenticated attackers to execute arbitrary code via the setDateTime function...

8CVSS7.7AI score0.09346EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.5 views

CVE-2024-6532

The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWTSheetTable shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:36 a.m.8 views

CVE-2024-4385

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:48 a.m.4 views

CVE-2024-10681

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

6.3CVSS7.3AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:38 a.m.4 views

CVE-2023-32536

Affected versions Trend Micro Apex Central on-premise are vulnerable to potential authenticated reflected cross-site scripting XSS attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order ...

5.4CVSS5.7AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:28 p.m.9 views

CVE-2021-3376

An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the usergroupidfield parameter...

8.8CVSS6.9AI score0.01103EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:45 p.m.9 views

CVE-2020-6114

An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS Commit bb274de1751ffb9d09482fd2538f9950a94c510a . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this...

7.2CVSS7.9AI score0.01727EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:47 p.m.10 views

CVE-2018-17017

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services e.g., inetd, HTTP, DNS, and UPnP via long JSON data for dhcpd udhcpd enable...

6.5CVSS7.1AI score0.0104EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:33 a.m.6 views

CVE-2018-17012

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services e.g., inetd, HTTP, DNS, and UPnP via long JSON data for hostsinfo setblockflag uplimit...

6.5CVSS7.1AI score0.0104EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 a.m.13 views

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

6.5CVSS6.6AI score0.01835EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/21 9:21 a.m.9 views

CVE-2025-3750 Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter

The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘postheight’ parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00244EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/10 7:19 a.m.29 views

CVE-2025-4127

The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Price Range’ parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00223EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/05/07 11:31 a.m.39 views

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and...

9.8CVSS10AI score0.98851EPSS
Exploits7
Vulnrichment
Vulnrichment
added 2025/05/03 7:22 a.m.9 views

CVE-2025-3815 SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.12.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.8AI score0.00255EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/12 8:22 a.m.5 views

CVE-2025-1455 Royal Elementor Addons and Templates <= 1.7.1012 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/04 4:21 a.m.11 views

CVE-2025-2075 Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...

8.8CVSS0.02245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/26 12:41 p.m.8 views

CVE-2025-2228 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.8 - Authenticated (Contributor+) Sensitive Information Exposure

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'registeruser' function. This makes it possible for authenticated attackers, with...

5.7CVSS6.6AI score0.00333EPSS
Exploits0References3
Rows per page
Query Builder