Lucene search
K

142 matches found

Vulnrichment
Vulnrichment
added 2025/11/01 6:40 a.m.5 views

CVE-2025-10487 Advanced Ads <= 2.0.12 - Unauthenticated Limited Code Execution

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the selectone function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the functions that can be calle...

7.3CVSS6AI score0.00428EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-0539

Malware in sbrugna...

5CVSS6.1AI score0.02521EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-1961

Malware in sbrugna...

6.1CVSS6.3AI score0.01116EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-40293

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00411EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-5612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote...

6.1CVSS7AI score0.02874EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:43 a.m.11 views

CVE-2024-23725

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries...

6.1CVSS5.7AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:52 a.m.8 views

CVE-2023-46776

Cross-Site Request Forgery CSRF vulnerability in Serena Villa Auto Excerpt everywhere plugin = 1.5 versions...

8.8CVSS8.5AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.7 views

CVE-2023-26011

Cross-Site Request Forgery CSRF vulnerability in Tim Eckel Read More Excerpt Link plugin = 1.6 versions...

8.8CVSS7.1AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:32 a.m.4 views

CVE-2023-1068

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.3AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.5 views

CVE-2021-24319

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its postexcerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...

5.4CVSS6.3AI score0.01681EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:10 a.m.7 views

CVE-2018-5311

The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjooecaeoptionscustomcss parameter to the wp-admin/admin.php?page=tonjooexcerpt URI...

5.4CVSS6AI score0.00595EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:30 a.m.7 views

CVE-2012-6635

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft...

4CVSS6AI score0.02116EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/18 6:30 a.m.4 views

WordPress Cooked Plugin <= 1.7.15.4 - Authenticated (Contributor+) HTML Injection via Recipe Excerpt vulnerability

Authenticated Contributor+ HTML Injection via Recipe Excerpt vulnerability discovered by RE-ALTER in WordPress Plugin Cooked versions = 1.7.15.4...

7.2AI score
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/02 5:15 p.m.24 views

CVE-2024-3312

The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...

5.3CVSS5.1AI score0.00573EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.6 views

WordPress plugin Easy Custom Auto Excerpt 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.3CVSS6.5AI score0.00573EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.6 views

PT-2024-25121 · WordPress · Easy Custom Auto Excerpt

Name of the Vulnerable Software and Affected Versions: Easy Custom Auto Excerpt plugin for WordPress versions up to, and including, 2.4.12 Description: The issue allows unauthenticated attackers to obtain excerpts of password-protected posts, potentially exposing sensitive information...

5.3CVSS6.9AI score0.00573EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/04/19 2:11 a.m.5 views

WordPress Easy Custom Auto Excerpt plugin <= 2.4.12 - Sensitive Information Exposure vulnerability

Sensitive Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin Easy Custom Auto Excerpt versions = 2.4.12...

5.3CVSS7AI score0.00573EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/19 12:0 a.m.14 views

WordPress Easy Custom Auto Excerpt Plugin <= 2.4.12 is vulnerable to Sensitive Data Exposure

Software Easy Custom Auto Excerpt Type Plugin Vulnerable versions = 2.4.12 Fixed in 2.5.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-3312 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b2ba9ac0c028 Credits Krzysztof Zając...

5.3CVSS6.5AI score0.00573EPSS
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2024/03/07 12:0 a.m.161 views

My Calendar < 3.4.24 - Authenticated Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin 1. Use any type of role as long as you permit it the action to Add Events. 2. Add a n...

6AI score0.00425EPSS
Exploits2
OSV
OSV
added 2024/03/06 10:52 a.m.18 views

BIT-GHOST-2024-23725

Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries...

6.1CVSS5.8AI score0.00436EPSS
Exploits0References3
Rows per page
Query Builder