
8 matches found

RedhatCVE
added 2025/05/15 7:18 a.m., 17 views

CVE-2025-4473

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajaxrequest function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends...

8.8 CVSS, 6.7 AI score, 0.00394 EPSS
Exploits: 0, References: 1
OSV
added 2024/02/22 9:40 p.m., 10 views

GHSA-578P-FXMM-6229 Potentially untrusted input is rendered as HTML in final output

Impact All users of mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like script would be rendered as in the final HTML output. The attacker must be able to control some data which is later injected in an mjml template which...

8.2 CVSS, 6.3 AI score, 0.01071 EPSS
Exploits: 1, References: 7
Vulnrichment
added 2023/08/11 12:0 a.m., 12 views

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi-factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

7 AI score, 0.00057 EPSS
Exploits: 0, References: 2
Hacker One
added 2018/07/06 2:29 p.m., 18 views

HackerOne: Adding the same user as one already registered in the teams

Description: It is possible to add the same user as one already registered in the teams. Steps To Reproduce 1. Go to https://hackerone.com/teamname/teammembers 2. Observe the users' emails. 3. Use the same email as the one previously registered, but vary the capitalization ...

6.9 AI score
Exploits: 0
Patchstack
added 2016/07/19 12:0 a.m., 9 views

WordPress Woo Email Control Plugin <= 1.01 - Multiple Vulnerabilities

This plugin is prone to reflected cross-site scripting and cross-site request forgery vulnerabilities. Solution: Update the plugin...

2.1 AI score
Exploits: 0, References: 1, Affected Software: 1
wpexploit
added 2016/07/19 12:0 a.m., 15 views

Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF

Due to a lack of encoding and CSRF mitigation in the testemail function found on line 106 of classes/class-wooctrl.php, it is possible to automate a request to the AJAX handler for the wooctrlsendtestemail action which will reflect the specified script back to the end user...

7.3 AI score
Exploits: 0, References: 1
WPVulnDB
added 2016/07/19 12:0 a.m., 8 views

Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF

Due to a lack of encoding and CSRF mitigation in the testemail function found on line 106 of classes/class-wooctrl.php, it is possible to automate a request to the AJAX handler for the wooctrlsendtestemail action which will reflect the specified script back to the end user. PoC...

0.7 AI score
Exploits: 0, References: 1, Affected Software: 1
Kitploit
added 2015/05/20 8:2 p.m., 32 views

King Phisher - Phishing Campaign Toolkit

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

7.6 AI score
Exploits: 0, References: 1