Lucene search
K

1231 matches found

OSV
OSV
added 2022/05/24 7:5 p.m.29 views

GHSA-5HR6-R8H6-WH22 JetPack Exposure of Resource to Wrong Sphere

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...

5.3CVSS5.3AI score0.01494EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2022/05/24 7:5 p.m.19 views

JetPack Exposure of Resource to Wrong Sphere

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...

5.3CVSS5.5AI score0.01494EPSS
Exploits2References4Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/18 12:0 a.m.15 views

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS2.2AI score0.00565EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/05/18 12:0 a.m.14 views

WordPress Carousel CK plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Carousel CK plugin versions = 1.1.0. Solution Deactivate and delete. This plugin has been closed as of May 16, 2022 and is not available for download. This closure is temporary, pending a full revi...

4.8CVSS2.2AI score0.00565EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.127 views

Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...

4.8CVSS1AI score0.00565EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/16 12:0 a.m.128 views

Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a video from a slider and put the following payload in the Description: , then save/update the vide...

4.8CVSS4.9AI score0.00565EPSS
Exploits2
Patchstack
Patchstack
added 2022/05/16 12:0 a.m.18 views

WordPress Video Slider – Slider Carousel plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Video Slider – Slider Carousel plugin versions = 1.4.6. Solution Update the WordPress Video Slider – Slider Carousel plugin to the latest available version at least 1.4.8...

4.8CVSS1.9AI score0.00565EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/16 12:0 a.m.28 views

Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a video from a slider and put the following payload in the Description: , then save/update the...

4.8CVSS2.3AI score0.00565EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.5 views

WordPress Nitek Carousel Slider Cool Transitions plugin <= 1.1.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Nitek Carousel Slider Cool Transitions plugin versions = 1.1.0. Solution No patched version available...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress Ultimate Carousel For Divi plugin <= 4.3.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Ultimate Carousel For Divi plugin versions = 4.3.0. Solution Update the WordPress Ultimate Carousel For Divi plugin to the latest available version at least 4.3.1...

2.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress WP Tools Divi Product Carousel plugin <= 1.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Tools Divi Product Carousel plugin versions = 1.4.0. Solution Update the WordPress WP Tools Divi Product Carousel plugin to the latest available version at least 1.5.0...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.17 views

WordPress Ultimate Carousel For Divi plugin <= 4.3.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Ultimate Carousel For Divi plugin versions = 4.3.0. Solution Update the WordPress Ultimate Carousel For Divi plugin to the latest available version at least 4.3.1...

3.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress Post Carousel Divi plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Post Carousel Divi plugin versions = 1.1.0. Solution Update the WordPress Post Carousel Divi plugin to the latest available version at least 1.1.1...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress Image Carousel For Divi plugin <= 1.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...

3.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress Product Carousel For WooCommerce – WoorouSell plugin < 1.0.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Product Carousel For WooCommerce – WoorouSell plugin versions 1.0.9. Solution Update the WordPress Product Carousel For WooCommerce – WoorouSell plugin to the latest available version at least 1.0.9...

3.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress WP Tools Divi Product Carousel plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Tools Divi Product Carousel plugin versions = 1.4.0. Solution Update the WordPress WP Tools Divi Product Carousel plugin to the latest available version at least 1.5.0...

2.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.13 views

WordPress Image Carousel For Divi plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...

2.6AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.13 views

WordPress WP Tools Divi Blog Carousel plugin <= 1.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Tools Divi Blog Carousel plugin versions = 1.2.0. Solution Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version at least 1.3.0...

3.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress Nitek Carousel Slider Cool Transitions plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Nitek Carousel Slider Cool Transitions plugin versions = 1.1.0. Solution No patched version available...

3.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress WP Tools Divi Blog Carousel plugin <= 1.2.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Tools Divi Blog Carousel plugin versions = 1.2.0. Solution Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version at least 1.3.0...

2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder