Lucene search
K

104 matches found

Patchstack
Patchstack
added 2025/02/18 11:35 p.m.5 views

WordPress Disable Auto Updates plugin <= 1.4 - Cross-Site Request Forgery to Auto-update Disable vulnerability

Cross-Site Request Forgery to Auto-update Disable vulnerability discovered by SOPROBRO in WordPress Plugin Disable Auto Updates versions = 1.4...

4.3CVSS7AI score0.00154EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.7 views

electron-builder security vulnerability

electron-builder is a tool for packaging and building ready-to-distribute Electron, Proton Native applications for macOS, Windows, and Linux with out-of-the-box "auto-update" support. A security vulnerability exists in electron-builder prior to version 6.3.0-alpha.6, which can be exploited to...

7.5CVSS6.9AI score0.00336EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:10 a.m.64 views

BIT-WORDPRESS-2021-29447 WordPress Authenticated XXE attack when installation is running PHP 8

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

7.1CVSS6.4AI score0.85719EPSS
Exploits20References8
OSV
OSV
added 2024/03/06 11:10 a.m.19 views

BIT-WORDPRESS-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

6.5CVSS5.3AI score0.02331EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:10 a.m.16 views

BIT-WORDPRESS-2021-39200 Information Disclosure in wp_die() via JSONP in wordpress

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

5.3CVSS5.3AI score0.02207EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:10 a.m.118 views

BIT-WORDPRESS-MULTISITE-2021-29447 WordPress Authenticated XXE attack when installation is running PHP 8

Wordpress is an open source CMS. A user with the ability to upload files like an Author can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has...

7.1CVSS6.4AI score0.85719EPSS
Exploits20References8
OSV
OSV
added 2024/03/06 11:10 a.m.20 views

BIT-WORDPRESS-MULTISITE-2021-29450 WordPress Authenticated disclosure of password-protected posts and pages

Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases...

6.5CVSS5.3AI score0.02331EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:10 a.m.28 views

BIT-WORDPRESS-MULTISITE-2021-39200 Information Disclosure in wp_die() via JSONP in wordpress

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wpdie can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

5.3CVSS5.3AI score0.02207EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:10 a.m.30 views

BIT-WORDPRESS-2022-21661 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8CVSS8AI score0.97795EPSS
Exploits14References12
OSV
OSV
added 2024/03/06 11:10 a.m.22 views

BIT-WORDPRESS-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2CVSS7.7AI score0.03695EPSS
Exploits1References8
OSV
OSV
added 2024/03/06 11:10 a.m.25 views

BIT-WORDPRESS-MULTISITE-2022-21661 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...

8CVSS8AI score0.97795EPSS
Exploits14References12
OSV
OSV
added 2024/03/06 11:10 a.m.16 views

BIT-WORDPRESS-2022-21664 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

8.8CVSS8.2AI score0.04052EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 11:9 a.m.19 views

BIT-WORDPRESS-MULTISITE-2022-21662 Stored XSS in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched...

8CVSS6.7AI score0.63712EPSS
Exploits0References7
OSV
OSV
added 2024/03/06 11:9 a.m.22 views

BIT-WORDPRESS-MULTISITE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2CVSS7.7AI score0.03695EPSS
Exploits1References8
OSV
OSV
added 2024/03/06 11:9 a.m.34 views

BIT-WORDPRESS-MULTISITE-2022-21664 SQL injection in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

8.8CVSS8.2AI score0.04052EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2023/08/16 11:12 a.m.34 views

Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/01/11 12:0 a.m.52 views

Debian DSA-5039-1 : wordpress - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5039 advisory. Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, run unchecked SQL queries,...

8.8CVSS7AI score0.97795EPSS
Exploits15References13
NVD
NVD
added 2022/01/06 11:15 p.m.13 views

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2CVSS0.03695EPSS
Exploits1References7
OSV
OSV
added 2022/01/06 11:15 p.m.2 views

DEBIAN-CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2CVSS7.4AI score0.03695EPSS
Exploits1References1
OSV
OSV
added 2022/01/06 11:15 p.m.3 views

DEBIAN-CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

8.8CVSS8AI score0.04052EPSS
Exploits0References1
Rows per page
Query Builder