Lucene search
K

8 matches found

CVE
CVE
added 2025/12/12 9:20 a.m.17 views

CVE-2025-12348

CVE-2025-12348 is an issue in the Icegram Express Email Subscribers & Newsletters WordPress plugin. According to the connected Wordfence document, versions up to and including 5.9.10 are vulnerable to Missing Authorization in the run_action_scheduler_task function, allowing unauthenticated attack...

5.3CVSS5.9AI score0.00375EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-50244

Name of the Vulnerable Software and Affected Versions STVS ProVision version 5.9.10 Description The software contains a cross-site request forgery issue. This allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. An attacker can create new...

6.9CVSS6.6AI score0.00164EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.7 views

PT-2025-47426

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the trigger mailing queue...

5.3CVSS6AI score0.00265EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/11/01 3:15 p.m.5 views

CVE-2024-43235

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...

7.1CVSS5.1AI score0.00419EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/12 6:26 a.m.4 views

WordPress Event post plugin <= 5.9.10 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Event post versions = 5.9.10...

4.3CVSS7AI score0.00192EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/09 7:15 p.m.3 views

CVE-2024-2650

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up to, and including, 5.9.10 due to insufficient inp...

6.4CVSS5.9AI score0.00356EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.7 views

PT-2024-21408 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.10 Description: The issue is related to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget. This is due to...

6.4CVSS8AI score0.00356EPSS
Exploits0References5
OSV
OSV
added 2023/04/15 12:15 a.m.8 views

AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1

strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...

9.8CVSS8AI score0.02264EPSS
Exploits0References1
Rows per page
Query Builder