Lucene search
K

6 matches found

Packet Storm
Packet Storm
added 2025/12/16 12:0 a.m.153 views

📄 WordPress Omnipress 1.6.3 Cross Site Scripting

WordPress Omnipress plugin versions 1.6.3 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordPress Plugin Keywords: CVE-2025-XXXXX, Omnipress WordPress vulnerability, stored XSS, WordPress security, authenticated XSS...

6.4CVSS6.4AI score0.00309EPSS
Exploits2
NVD
NVD
added 2023/12/04 10:15 p.m.31 views

CVE-2023-5762

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges...

8.8CVSS0.02024EPSS
Exploits2References1
Prion
Prion
added 2023/12/04 10:15 p.m.15 views

Remote code execution

The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges...

6.5CVSS7.5AI score0.02024EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.4 views

WordPress plugin Filr security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS8.3AI score0.02024EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/11/13 12:0 a.m.21 views

Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext

Description The plugin is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. PoC 1 Go to main dashboard of plugin...

8.8CVSS7.8AI score0.02024EPSS
Exploits2Affected Software1
Prion
Prion
added 2022/11/16 2:15 p.m.23 views

Code injection

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

4.9CVSS5.7AI score0.00413EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder