Lucene search
K

5 matches found

OSV
OSV
added 2026/05/29 10:19 p.m.8 views

GHSA-PGXQ-P76C-X9CG formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches 2.2.21, 3.1.26 Workarounds Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References5
CVE
CVE
added 2026/02/18 9:25 a.m.14 views

CVE-2026-2126

CVE-2026-2126 affects the WordPress plugin “User Submitted Posts – Enable Users to Submit Posts from the Front End.” The issue is Incorrect Authorization: the function usp_get_submitted_category() accepts user-submitted category IDs from POST without validating against configured allowed categori...

5.3CVSS5.7AI score0.00345EPSS
Exploits0References4
NVD
NVD
added 2026/01/24 9:15 a.m.8 views

CVE-2026-0800

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00213EPSS
Exploits0References2
OSV
OSV
added 2024/10/24 7:15 a.m.3 views

CVE-2024-9864

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS5.9AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.4 views

PT-2024-39896 · WordPress · Eventprime – Events Calendar

Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 4.0.4.7 Description: The issue is related to Stored Cross-Site Scripting via ticket names due to insufficient input sanitization and...

6.1CVSS6.1AI score0.00291EPSS
Exploits0References6
Rows per page
Query Builder