Lucene search
K

100 matches found

Cvelist
Cvelist
added 2025/02/18 4:21 a.m.13 views

CVE-2024-13852 Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update

The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...

8.8CVSS0.00262EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/18 4:21 a.m.9 views

CVE-2024-13852 Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update

The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...

8.8CVSS6.9AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2025/01/30 2:15 p.m.5 views

CVE-2024-13661

The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditorvtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7.4AI score0.00264EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/30 1:41 p.m.5 views

CVE-2024-13661 Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditorvtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00264EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/09/13 3:15 p.m.4 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS6AI score0.00578EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/13 6:18 a.m.5 views

WordPress WP Editor plugin <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization vulnerability

Authenticated Admin+ PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Plugin WP Editor versions = 1.2.9...

7.2CVSS7AI score0.00578EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/13 12:0 a.m.14 views

WordPress WP Editor Plugin <= 1.2.9 is vulnerable to PHP Object Injection

Software WP Editor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.9.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2446 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 2c7bc2d905b6 Credits Rasoul Jahanshahi Required privilege...

7.2CVSS6.9AI score0.00578EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.4 views

PT-2024-18232 · WordPress · Custom Woocommerce Checkout Fields Editor

Name of the Vulnerable Software and Affected Versions: Custom WooCommerce Checkout Fields Editor plugin for WordPress versions up to, and including, 1.3.1 Description: The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save wcfe...

6.4CVSS8.2AI score0.0043EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/03/17 12:0 a.m.2 views

WordPress Plugin WP Editor Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...

7.5CVSS6.1AI score0.00453EPSS
Exploits0References2
OSV
OSV
added 2024/03/05 2:15 a.m.5 views

CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.00475EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/28 4:16 p.m.36 views

CVE-2024-24701 WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

4.3CVSS5AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.4 views

WordPress plugin WP Smart Editor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6.1AI score0.00372EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/16 3:48 p.m.3 views

CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection

The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...

7.3AI score0.00771EPSS
Exploits2References1
OSV
OSV
added 2023/10/13 4:15 p.m.2 views

CVE-2023-45276

Cross-Site Request Forgery CSRF vulnerability in automatededitor.Com Automated Editor plugin = 1.3 versions...

8.8CVSS7.3AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2023/10/13 3:10 p.m.42 views

CVE-2023-45276

CVE-2023-45276 : CSRF in the WordPress plugin Automated Editor (Automated Editor) for versions

8.8CVSS7AI score0.00208EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/08/30 3:15 p.m.4 views

CVE-2023-1982

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00379EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2023/06/13 5:15 p.m.5 views

CVE-2023-31541

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server...

9.8CVSS7.4AI score0.01781EPSS
Exploits1References4
NVD
NVD
added 2023/05/10 10:15 a.m.21 views

CVE-2022-33961

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

4.8CVSS4.4AI score0.00352EPSS
Exploits0References1
Prion
Prion
added 2023/05/10 10:15 a.m.29 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

4.3CVSS4.8AI score0.00352EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/04/11 4:15 p.m.24 views

CVE-2022-43770

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API...

8.1CVSS6.3AI score0.00483EPSS
Exploits0References1
Rows per page
Query Builder