
5078 matches found

Positive Technologies
added 2024/01/23 12:0 a.m. · 5 views

PT-2024-13800 · Silverstripe · Silverstripe/Admin

Name of the Vulnerable Software and Affected Versions: Silverstripe Admin versions 1.x prior to 1.13.19; Silverstripe Admin versions 2.x prior to 2.1.8. Description: The issue allows users who don't have edit or delete permissions for records exposed in a ModelAdmin to still edit or delete records...

CVSS 4.3 · AI score 4.3 · EPSS 0.00341
Exploits 0 · References 12
NVD
added 2024/01/16 4:15 p.m. · 16 views

CVE-2023-2252

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...

CVSS 2.7 · AI score 3.5 · EPSS 0.01313
Exploits 2 · References 1
OSV
added 2024/01/16 4:15 p.m. · 8 views

CVE-2023-2252

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...

CVSS 2.7 · AI score 6.6
Exploits 0 · References 1
NVD
added 2024/01/16 4:15 p.m. · 22 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection...

CVSS 7.8 · AI score 7.8 · EPSS 0.00428
Exploits 2 · References 1
OSV
added 2024/01/16 4:15 p.m. · 3 views

CVE-2022-3604

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection...

CVSS 7.8 · AI score 5.8 · EPSS 0.00428
Exploits 2 · References 1
Prion
added 2024/01/16 4:15 p.m. · 23 views

Design/Logic Flaw

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...

CVSS 3.3 · AI score 7 · EPSS 0.01313
Exploits 2 · References 1 · Affected Software 1
Prion
added 2024/01/16 4:15 p.m. · 17 views

Design/Logic Flaw

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection...

CVSS 4.4 · AI score 7.3 · EPSS 0.00428
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2024/01/16 3:55 p.m. · 10 views

CVE-2023-2252 Directorist < 7.5.4 - Admin+ LFI

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...

AI score 3.6 · EPSS 0.01313
Exploits 2 · References 1
Cvelist
added 2024/01/16 3:55 p.m. · 21 views

CVE-2023-2252 Directorist < 7.5.4 - Admin+ LFI

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files...

AI score 4 · EPSS 0.01313
Exploits 2 · References 1
CVE
added 2024/01/16 3:55 p.m. · 106 views

CVE-2023-2252

CVE-2023-2252 affects Directorist WordPress plugin pre-7.5.4. The vulnerability is Local File Inclusion (LFI) in the CSV import feature, arising because the plugin does not validate the file parameter during CSV imports. Technical details in connected docs confirm LFI risk and potential exposure ...

CVSS 2.7 · AI score 3.9 · EPSS 0.01313
Exploits 2 · References 1 · Affected Software 1
CVE
added 2024/01/16 3:52 p.m. · 54 views

CVE-2022-3604

CVE-2022-3604 affects the WordPress plugin Contact Form Entries prior to version 1.3.0. The issue is that data exported to CSV is not validated, which can lead to CSV injection via the exported file. A PoC demonstrates crafting a CSV lead value like =5+5 that, when opened in a spreadsheet, can ex...

CVSS 7.8 · AI score 7.7 · EPSS 0.00428
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2024/01/16 3:52 p.m. · 16 views

CVE-2022-3604 Contact Form Entries < 1.3.0 - CSV Injection

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection...

AI score 7 · EPSS 0.00428
Exploits 2 · References 1
Cvelist
added 2024/01/16 3:52 p.m. · 29 views

CVE-2022-3604 Contact Form Entries < 1.3.0 - CSV Injection

The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection...

AI score 8 · EPSS 0.00428
Exploits 2 · References 1
CNNVD
added 2024/01/16 12:0 a.m. · 4 views

WordPress plugin Directorist security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...

CVSS 2.7 · AI score 6.4 · EPSS 0.01313
Exploits 2 · References 2
Positive Technologies
added 2024/01/16 12:0 a.m. · 5 views

PT-2024-11967 · WordPress · Directorist Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Directorist WordPress plugin versions prior to 7.5.4. Description: The issue is related to Local File Inclusion, where the plugin does not validate the file parameter when importing CSV files. This allows for potential exploitation. There is n...

CVSS 2.7 · AI score 4.9 · EPSS 0.01313
Exploits 2 · References 8
Positive Technologies
added 2024/01/16 12:0 a.m. · 5 views

PT-2024-11597 · WordPress · Contact Form Entries

Name of the Vulnerable Software and Affected Versions: Contact Form Entries WordPress plugin versions prior to 1.3.0. Description: The issue concerns the Contact Form Entries WordPress plugin, which does not validate data when outputting it in a CSV file. This lack of validation could lead to CSV...

CVSS 7.8 · AI score 7.7 · EPSS 0.00428
Exploits 2 · References 5
Kitploit
added 2024/01/14 11:30 a.m. · 46 views

EasyEASM - Zero-dollar Attack Surface Management Tool

Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description: Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...

AI score 7
Exploits 0 · References 2
NVD
added 2024/01/11 9:15 a.m. · 25 views

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a C...

CVSS 4.3 · AI score 3.8 · EPSS 0.00211
Exploits 0 · References 2
OSV
added 2024/01/11 9:15 a.m. · 3 views

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a C...

CVSS 4.3 · AI score 7.1 · EPSS 0.00211
Exploits 0 · References 2
ATTACKERKB
added 2024/01/11 9:15 a.m. · 3 views

CVE-2023-7048

The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a C...

CVSS 4.3 · AI score 5.3 · EPSS 0.00211
Exploits 0 · References 3