Lucene search
+L

7 matches found

Patchstack
Patchstack
added 2025/07/31 6:51 p.m.9 views

WordPress Benaa Framework plugin <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Benaa Framework versions = 4.0.0...

6.4CVSS6.9AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/31 6:51 p.m.7 views

WordPress Beyot Framework plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Beyot Framework versions = 6.0.6...

6.4CVSS6.9AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/07/31 6:51 p.m.7 views

WordPress Auteur Framework plugin <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Auteur Framework versions = 7.1...

6.4CVSS6.9AI score0.00164EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/05/02 4:15 a.m.25 views

CVE-2024-13419

creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14438 2025-05-02 07:34:49+00:00| seen| https://t.me/cvedetector/24322 2025-05-02 08:00:33+00:00| seen|...

6.4CVSS8.7AI score0.00164EPSS
Exploits0References3
NVD
NVD
added 2025/05/02 4:15 a.m.30 views

CVE-2024-13419

Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00164EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/02 3:21 a.m.30 views

CVE-2024-13419 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...

6.4CVSS0.00164EPSS
Exploits0References2
CVE
CVE
added 2025/05/02 3:21 a.m.64 views

CVE-2024-13419

CVE-2024-13419 affects WordPress plugins/themes that use Smart Framework. The issue is a missing capability check in saveOptions() and importThemeOptions(), enabling authenticated users with Subscriber-level access or higher to update plugin/theme settings and inject custom JavaScript that runs s...

6.4CVSS5.8AI score0.00164EPSS
Exploits0References2Affected Software4
Rows per page
Query Builder