Lucene search
K

38 matches found

ATTACKERKB
ATTACKERKB
added 2023/06/03 5:15 a.m.4 views

CVE-2023-2404

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...

6.4CVSS7AI score0.00596EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.6 views

PT-2023-19373 · Vcita · Crm/Lead Management By Vcita

Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00596EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.7 views

PT-2023-18822 · Vcita · Contact Form/Calls To Action

Name of the Vulnerable Software and Affected Versions: Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output...

6.4CVSS5.8AI score0.00518EPSS
Exploits1References8
OSV
OSV
added 2022/05/02 4:15 p.m.5 views

CVE-2022-1239

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks...

8.8CVSS7.3AI score0.01413EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/02 4:15 p.m.10 views

CVE-2022-1239

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks...

8.8CVSS7.6AI score0.01413EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.4 views

WordPress plugin HubSpot 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress HubSpot plugin prior to 8.8.15 are vulnerable to server-side request...

8.8CVSS7.8AI score0.01413EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin < 3.3.33 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin versions 3.3.33. Solution Update the WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin to...

1.8AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/22 12:0 a.m.6 views

The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.

The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code using Götterhuber blocks...

9.9CVSS8.3AI score0.02436EPSS
Exploits3References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/22 12:0 a.m.5 views

The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.

The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely using metashells...

9.9CVSS8.3AI score0.01589EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2022/02/16 5:15 p.m.30 views

CVE-2022-24664

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...

9.9CVSS0.01589EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/10/18 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Podcast Subscribe Buttons plugin in versions prior to 1.4.2, which stems from a lack of checksum filtering of user-supplied data and output...

5.4CVSS5.3AI score0.00604EPSS
Exploits2References2
OSV
OSV
added 2021/09/20 10:15 a.m.7 views

CVE-2021-24585

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...

6.5CVSS5.9AI score0.01139EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2021/09/02 12:0 a.m.5 views

PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework

Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...

7.1CVSS6.5AI score0.01341EPSS
Exploits2References4
OSV
OSV
added 2021/04/05 7:15 p.m.4 views

CVE-2021-24207

By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages...

4.3CVSS5.8AI score0.00689EPSS
Exploits2References2
OSV
OSV
added 2015/08/03 2:59 p.m.6 views

DEBIAN-CVE-2015-5623

WordPress before 4.2.3 does not properly verify the editposts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...

4CVSS6.8AI score0.08814EPSS
Exploits1References1
OSV
OSV
added 2015/08/03 2:59 p.m.13 views

CVE-2015-5623

WordPress before 4.2.3 does not properly verify the editposts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...

6AI score
Exploits0References10
OSV
OSV
added 2012/09/14 7:55 p.m.4 views

DEBIAN-CVE-2010-5106

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...

6.5CVSS6.5AI score0.02176EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2008/02/08 1:0 a.m.47 views

CVE-2008-0664

The XML-RPC implementation xmlrpc.php in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors...

6.4CVSS6.1AI score0.03553EPSS
Exploits1
Rows per page
Query Builder