75 matches found

RedhatCVE
added 2026/02/20 7:22 a.m. · 12 views

CVE-2025-14294

The Razorpay for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getCouponList function in all versions up to, and including, 4.7.8. This is due to the checkAuthCredentials permission callback always returning true,...

CVSS 5.3 · AI score 5.5 · EPSS 0.00353
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/19 12:0 a.m. · 7 views

PT-2026-20614

Name of the Vulnerable Software and Affected Versions Razorpay for WooCommerce plugin for WordPress versions through 4.7.8 Description The Razorpay for WooCommerce plugin for WordPress is susceptible to unauthorized data modification. A missing capability check within the getCouponList function,...

CVSS 5.3 · AI score 5.3 · EPSS 0.00353
Exploits: 0 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 9 views

EUVD-2025-25360

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.4 · EPSS 0.00309
Exploits: 0 · References: 1

RedhatCVE
added 2025/09/21 7:25 p.m. · 8 views

CVE-2025-43803

Insecure direct object reference IDOR vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...

CVSS 6.9 · AI score 7 · EPSS 0.00257
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/15 12:0 a.m. · 2 views

PT-2025-37809

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7 macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 Description: A privacy issue was addressed with improved private data redaction for log entries. An app may be able to access contact in...

CVSS 3.3 · AI score 5.8 · EPSS 0.00213
Exploits: 0 · References: 6

RedhatCVE
added 2025/08/22 8:31 a.m. · 12 views

CVE-2025-49891

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection. This issue affects Uxper Booking: from n/a through <= 1.3.3...

CVSS 8.5 · AI score 5.9 · EPSS 0.00309
Exploits: 0 · References: 1

NVD
added 2025/08/20 8:15 a.m. · 4 views

CVE-2025-49891

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection. This issue affects Uxper Booking: from n/a through <= 1.3.3...

CVSS 8.5 · EPSS 0.00309
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/20 8:3 a.m. · 5 views

CVE-2025-49891 WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in riotweb Contact Info Widget allows Stored XSS. This issue affects Contact Info Widget: from n/a through 2.6.2...

CVSS 5.9 · AI score 6.9 · EPSS 0.00309
Exploits: 0 · References: 1

CVE
added 2025/08/20 8:3 a.m. · 23 views

CVE-2025-49891

CVE-2025-49891 is a SQL Injection vulnerability in the WordPress plugin Uxper Booking (uxper-booking), allowing Blind SQL Injection. It affects versions up to and including 1.3.3. The issue stems from improper neutralization of input in SQL commands, with CVSS 3.1 vector indicating network atta...

CVSS 8.5 · AI score 5.9 · EPSS 0.00309
Exploits: 0 · References: 1

Cvelist
added 2025/08/20 8:3 a.m. · 12 views

CVE-2025-49891 WordPress Uxper Booking Plugin <= 1.3.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in uxper Uxper Booking uxper-booking allows Blind SQL Injection. This issue affects Uxper Booking: from n/a through <= 1.3.3...

CVSS 8.5 · EPSS 0.00309
Exploits: 0 · References: 1

CNNVD
added 2025/08/20 12:0 a.m. · 2 views

WordPress plugin Contact Info Widget cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8.5 · AI score 6 · EPSS 0.00309
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/20 12:0 a.m. · 6 views

PT-2025-33959 · Unknown · Riotweb Contact Info Widget

Name of the Vulnerable Software and Affected Versions: riotweb Contact Info Widget versions through 2.6.2 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting XSS. Recommendations: Update to a version later than 2.6.2...

CVSS 5.9 · AI score 5.7 · EPSS 0.00309
Exploits: 0 · References: 3

Patchstack
added 2025/08/17 1:11 a.m. · 5 views

WordPress Contact Info Widget plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Contact Info Widget versions <= 2.6.2...

CVSS 5.9 · AI score 5.8 · EPSS 0.00309
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2025/05/23 10:8 a.m. · 6 views

CVE-2024-29413

Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function...

CVSS 5.4 · AI score 7 · EPSS 0.00396
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:15 a.m. · 4 views

CVE-2024-9952

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=systeminfo/contactinfo of the component Contact Information Page. The manipulation of the argument Address leads to cross site...

CVSS 5.1 · AI score 5.5 · EPSS 0.00402
Exploits: 1 · References: 1

OSV
added 2024/12/27 6:15 a.m. · 2 views

CVE-2024-12982

A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The...

CVSS 4.8 · AI score 3.8 · EPSS 0.00394
Exploits: 0 · References: 4

CNNVD
added 2024/12/27 12:0 a.m. · 3 views

PHPGurukul Blood Bank & Donor Management security vulnerability

PHPGurukul Blood Bank & Donor Management is a blood bank and donor management system from PHPGurukul, Inc. A security vulnerability exists in PHPGurukul Blood Bank & Donor Management version 2.4, which originates from a cross-site scripting vulnerability contained in the Address parameter of the...

CVSS 5.1 · AI score 3.9 · EPSS 0.00394
Exploits: 0 · References: 4

NVD
added 2024/12/05 10:31 a.m. · 17 views

CVE-2024-11420

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

CVSS 6.4 · EPSS 0.00249
Exploits: 0 · References: 2

OSV
added 2024/12/05 10:31 a.m. · 2 views

CVE-2024-11420

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

CVSS 5.4 · AI score 5.9 · EPSS 0.00249
Exploits: 0 · References: 2

CVE
added 2024/12/05 9:23 a.m. · 59 views

CVE-2024-11420

CVE-2024-11420 (Blocksy): The WordPress Blocksy theme is vulnerable to Stored Cross-Site Scripting via the Contact Info Block's link parameter in all versions up to 2.0.77. An attacker with Contributor-level access or higher can inject scripts that execute when users view the page containing the...

CVSS 6.4 · AI score 5.8 · EPSS 0.00249
Exploits: 0 · References: 2 · Affected Software: 1