Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2025/11/15 5:45 a.m.4 views

CVE-2025-12847 All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion

The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint...

4.3CVSS4.9AI score0.0021EPSS
Exploits0References6
OSV
OSV
added 2025/07/02 4:15 a.m.5 views

CVE-2025-4689

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion...

9.8CVSS6AI score0.00531EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.5 views

WordPress plugin OSS Upload 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS8.5AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 9:38 p.m.12 views

CVE-2022-24897

APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem...

7.5CVSS6.5AI score0.01476EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/10/14 12:57 p.m.5 views

WordPress WP-Spreadplugin plugin <= 4.8.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Sharanabasappa Patchstack Alliance in WordPress Plugin WP-Spreadplugin versions = 4.8.9...

5.9CVSS6.1AI score0.0025EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/04/22 3:15 p.m.2 views

CVE-2022-34560

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

7.1CVSS6AI score0.00314EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.7 views

EasyCorp EasyAdmin 跨站脚本漏洞

Easyadmin is a simple, lightweight backend management system scaffolding by laker individual developers. A cross-site scripting vulnerability exists in EasyCorp EasyAdmin 4.8.9 and earlier versions, which stems from a cross-site scripting XSS vulnerability in Autocomplete's function Autocomplete ...

5.4CVSS4.3AI score0.00539EPSS
Exploits0References7
OSV
OSV
added 2023/10/20 8:15 a.m.6 views

CVE-2023-5534

The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions vi...

5.4CVSS6.6AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/18 12:0 a.m.10 views

PT-2023-31923 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 4.8.9 AI ChatBot plugin for WordPress version 4.9.2 Description: The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion. This makes it possible for...

9.6CVSS8.6AI score0.01626EPSS
Exploits2References10
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.5 views

NetApp SnapCenter Security Vulnerability

NetApp SnapCenter is a suite of applications from Network Appliance NetApp that provides the ability to back up, authenticate, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter versions 4.8 through 4.9 that originates from allowing authenticated...

8.8CVSS6.7AI score0.00189EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/09/21 12:0 a.m.5 views

Zope Security Vulnerability

Zope is a set of object-oriented, open source web application servers written in the Python language by the Zope community. A security vulnerability exists in Zope that stems from a stored cross-site scripting vulnerability XSS vulnerability in SVG images. The vulnerability can be exploited to...

5.4CVSS5.9AI score0.00599EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/02/16 12:0 a.m.6 views

Intel SUR 代码问题漏洞

Intel SUR is a Software Asset Manager software from Intel Corporation USA. A security vulnerability exists in IntelR SUR version 2.4.8902, which stems from an improper condition check in the software that could allow a privileged user to covertly enable denial of service via network access...

7.5CVSS7.3AI score0.00608EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/03/16 12:0 a.m.3 views

PT-2022-6908 · Atlassian · Crucible +1

Name of the Vulnerable Software and Affected Versions: Fisheye and Crucible versions prior to 4.8.9 Description: The issue is related to insufficient protection of service data in Fisheye and Crucible, allowing a remote attacker to gain unauthorized access to protected information. The...

4.3CVSS4.4AI score0.00841EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.7 views

Atlassian Fisheye和Crucible 安全漏洞

Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. A security vulnerability exists in Atlassian Fishey and Crucible versions prior to 4.8.9, which can be exploited by an attacker to inject arbitrary HTML and/or JavaScript...

6.1CVSS5.9AI score0.00703EPSS
Exploits0References4
OSV
OSV
added 2017/06/19 4:29 p.m.3 views

DEBIAN-CVE-2017-1000369

Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch...

4CVSS7.9AI score0.0053EPSS
Exploits0References1
Rows per page
Query Builder