Lucene search
+L

303 matches found

Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.5 views

PT-2024-16878 · WordPress · Gd Bbpress Attachments

Name of the Vulnerable Software and Affected Versions: GD bbPress Attachments plugin for WordPress versions up to, and including, 4.7.2 Description: The issue arises from the use of add query arg without proper escaping on the URL, leading to Reflected Cross-Site Scripting. This allows...

6.1CVSS9.5AI score0.00377EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/11/19 7:58 p.m.6 views

WordPress GD bbPress Attachments plugin <= 4.7.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin GD bbPress Attachments versions = 4.7.2...

6.1CVSS6.3AI score0.00377EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.14 views

WordPress GD bbPress Attachments Plugin <= 4.7.2 is vulnerable to Cross Site Scripting (XSS)

Software GD bbPress Attachments Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11278 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3fddb2474371 Credits Colin Xu...

6.1CVSS5.6AI score0.00377EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/02 12:0 a.m.7 views

PT-2024-39922 · WordPress · The Bbp Core

Name of the Vulnerable Software and Affected Versions: The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping...

6.1CVSS6.8AI score0.00368EPSS
Exploits0References11
NVD
NVD
added 2024/07/21 10:15 p.m.25 views

CVE-2024-37485

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...

7.1CVSS0.00288EPSS
Exploits0References1
OSV
OSV
added 2024/07/21 10:15 p.m.4 views

CVE-2024-37485

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...

6.1CVSS5.8AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/21 9:19 p.m.28 views

CVE-2024-37485 WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...

7.1CVSS0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/21 9:19 p.m.16 views

CVE-2024-37485 WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Vinny Alves UseStrict Consulting bbPress Notify allows Reflected XSS.This issue affects bbPress Notify: from n/a through 2.18.3...

7.1CVSS7AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/21 12:0 a.m.6 views

PT-2024-27594 · Unknown · Bbpress Notify

Name of the Vulnerable Software and Affected Versions: bbPress Notify versions 2.18.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For bbPress...

7.1CVSS6.5AI score0.00288EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/07/04 9:17 a.m.6 views

WordPress bbPress Notify (No-Spam) plugin <= 2.18.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin bbPress Notify versions = 2.18.3...

7.1CVSS6.1AI score0.00288EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/04 12:0 a.m.15 views

WordPress bbPress Notify Plugin <= 2.18.3 is vulnerable to Cross Site Scripting (XSS)

Software bbPress Notify Type Plugin Vulnerable versions = 2.18.3 Fixed in 2.18.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37485 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 64ebe76096fa Credits Dimas Maulana Required privileg...

7.1CVSS6.6AI score0.00288EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2024/05/30 4:51 a.m.378 views

Exploit for CVE-2024-3293

CVE-2024-3293-Poc rtMedia for WordPress, BuddyPress and bbPre...

8.8CVSS6.7AI score0.01405EPSS
Exploits1
Patchstack
Patchstack
added 2024/04/29 12:8 p.m.4 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.18 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by WordFence in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions = 4.6.18...

8.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/29 12:0 a.m.3 views

WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection

Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE N/A Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 8c202745894f Credits WordFence Required privile...

7.2AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/04/23 1:58 a.m.35 views

CVE-2024-3293 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

8.8CVSS8.9AI score0.01405EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/23 1:58 a.m.18 views

CVE-2024-3293

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

8.8CVSS7.2AI score0.01405EPSS
Exploits1References2
CVE
CVE
added 2024/04/23 1:58 a.m.59 views

CVE-2024-3293

The RTMedia plugin for WordPress (rtMedia for WordPress, BuddyPress and bbPress) contains a blind SQL Injection in the rtmedia_gallery shortcode in all versions up to 4.6.18, due to insufficient escaping of user input and lack of proper SQL query preparation. Authenticated attackers with contribu...

8.8CVSS7.1AI score0.01405EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/04/23 12:0 a.m.21 views

WordPress rtMedia for WordPress, BuddyPress and bbPress Plugin <= 4.6.18 is vulnerable to SQL Injection

Software rtMedia for WordPress, BuddyPress and bbPress Type Plugin Vulnerable versions = 4.6.18 Fixed in 4.6.19 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3293 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7b7bd27ebebe Credits Krzysztof Zając...

8.8CVSS6.8AI score0.01405EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.7 views

WordPress plugin rtMedia for WordPress, BuddyPress and bbPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS7.4AI score0.01405EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.19 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode

Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

8.8CVSS7.6AI score0.01405EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder