Lucene search
+L

57 matches found

Patchstack
Patchstack
added 2025/10/15 1:10 a.m.7 views

WordPress DocoDoco Store Locator plugin <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload vulnerability

Authenticated Editor+ Arbitrary File Upload vulnerability discovered by ifoundbug in WordPress Plugin DocoDoco Store Locator versions = 1.0.1...

7.2CVSS6.8AI score0.00648EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/10/15 12:48 a.m.8 views

WordPress onOffice for WP-Websites plugin <= 6.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by dutafi in WordPress Plugin onOffice for WP-Websites versions = 6.5.1...

4.9CVSS5.8AI score0.00344EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11421

Malware in sbrugna...

5.4CVSS5.4AI score0.00624EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-44816

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00949EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/22 7:5 p.m.7 views

WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Jieun Kim in WordPress Plugin TZ PlusGallery versions = 1.5.5...

5.9CVSS6AI score0.00223EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/10 11:17 p.m.4 views

CVE-2025-58746

The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...

9CVSS7.6AI score0.00285EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/05 1:21 p.m.4 views

WordPress Elementor Element Condition Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin Elementor Element Condition versions = 1.0.5...

6.5CVSS6AI score0.00196EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/08/13 1:36 p.m.7 views

WordPress WP Airdrop Manager plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin WP Airdrop Manager versions = 1.0.5...

5.9CVSS5.9AI score0.00225EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.5 views

CVE-2024-31394

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

6.5CVSS6.6AI score0.00739EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 3:53 a.m.63 views

WordPress Team Members Showcase plugin < 4.4.2 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Team versions 4.4.2...

4.8CVSS6AI score0.00266EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/15 8:15 p.m.1 views

CVE-2024-8492

The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.0032EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/04/07 9:56 p.m.11 views

WordPress Slider, Gallery, Carousel by MetaSlider plugin < 3.95.0 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Responsive Slider by MetaSlider versions 3.95.0...

3.5CVSS7.4AI score0.00274EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/04/01 10:7 p.m.5 views

WordPress Smart Icons For WordPress plugin <= 1.0.4 - Authenticated (Editor+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Smart Icons For WordPress versions = 1.0.4...

6.4CVSS6.3AI score0.00299EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.9 views

PT-2025-7591

Name of the Vulnerable Software and Affected Versions DDSN Interactive cm3 Acora CMS version 10.1.1 Description The issue concerns an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the...

6CVSS6AI score0.009EPSS
Exploits0References8
OSV
OSV
added 2024/11/06 6:15 a.m.3 views

CVE-2024-7879

The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00303EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/10/21 12:0 a.m.9 views

WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Category and Taxonomy Meta Fields Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9590 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0608197ee970 Credits István...

5.5CVSS5.7AI score0.00256EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/08/26 12:0 a.m.13 views

WordPress Simple Job Board Plugin <= 2.12.3 is vulnerable to PHP Object Injection

Software Simple Job Board Type Plugin Vulnerable versions = 2.12.3 Fixed in 2.12.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7351 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID a1947bfcfa95 Credits Francesco Carlucci Required privileg...

7.2CVSS6.8AI score0.0062EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/08/07 12:0 a.m.15 views

WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.15.6 is vulnerable to Cross Site Scripting (XSS)

Software 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Type Plugin Vulnerable versions = 1.15.6 Fixed in 1.15.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43152 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c27b38c9e4e0...

6.1CVSS6.6AI score0.0028EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/07/13 6:0 a.m.58 views

CVE-2024-3026

CVE-2024-3026 affects WordPress Button Plugin MaxButtons (versions

5.4CVSS5.5AI score0.00492EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/06/28 12:0 a.m.19 views

WordPress PowerPack Lite for Beaver Builder Plugin <= 1.3.0.3 is vulnerable to Local File Inclusion

Software PowerPack Lite for Beaver Builder Type Plugin Vulnerable versions = 1.3.0.3 Fixed in 1.3.0.4 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-37410 Patch priority Low CVSS severity Low 4.9 Developer IdeaBox Creations PSID 6c1f186fa5b1 Credits João...

7.2CVSS6.6AI score0.00557EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder