Lucene search
+L

2089 matches found

NVD
NVD
added 2023/10/21 8:15 a.m.25 views

CVE-2023-5205

The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addcustombodyclass' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/21 7:33 a.m.25 views

CVE-2023-5205 Add Custom Body Class <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addcustombodyclass' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/20 6:35 a.m.8 views

CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS6.5AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/20 6:35 a.m.37 views

CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS4.6AI score0.00357EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/09/20 12:0 a.m.10 views

WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update

Description The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action. This makes it possible for authenticated attackers with contributor-level access and above, to update C...

4.3CVSS6.2AI score0.00321EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/09/14 4:15 a.m.24 views

CVE-2023-4948

The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS4.3AI score0.00321EPSS
Exploits0References2
Prion
Prion
added 2023/09/14 4:15 a.m.25 views

Design/Logic Flaw

The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4CVSS4.6AI score0.00321EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2023/05/16 12:0 a.m.1 views

Cross-site Scripting (XSS)

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient sanitization of block attributes. An attacker can embed arbitrary content in HTML comments on the page by...

6.4CVSS5.2AI score
Exploits0References2
Prion
Prion
added 2021/11/17 6:15 p.m.36 views

Input validation

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain...

6.5CVSS8.7AI score0.79823EPSS
Exploits5References6Affected Software1
Rows per page
Query Builder