Lucene search
K

245 matches found

OSV
OSV
added 2023/10/16 8:15 p.m.5 views

CVE-2023-4971

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...

7.2CVSS7.1AI score0.00976EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.16 views

WP Ultimate CSV Importer < 7.9.9 - Imported Files Disclosure

Description The plugin does not protect its imported files, which could allow unauthenticated users to list and view exported files...

7.5CVSS6.5AI score0.0057EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/05/30 8:15 a.m.5 views

CVE-2023-2113

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary javascript into the admin panel, even when the unfilteredhtml capability is disabled, such as in a...

4.8CVSS5.9AI score0.0047EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.6 views

PT-2023-17921 · WordPress · Autoptimize

Name of the Vulnerable Software and Affected Versions: Autoptimize WordPress plugin versions prior to 3.1.7 Description: The issue allows high privileged users, such as administrators, to inject arbitrary javascript into the admin panel. This can occur even when the unfiltered html capability is...

4.8CVSS6.6AI score0.0047EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.8 views

XWiki Platform 注入漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. An injection vulnerability exists in XWiki Platform that stems from incorrectly escaping information loaded from attachments in imported.vm, importinline.vm, and packagelist.vm...

9.9CVSS7.8AI score0.01144EPSS
Exploits1References5
OSV
OSV
added 2023/03/29 7:15 p.m.5 views

CVE-2022-36969

This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 04201.2111.1802.0000. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...

7.1CVSS5.6AI score0.13681EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.7 views

SUSE CVE-2019-9834

The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to...

6.1CVSS7.1AI score0.051EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.3 views

SUSE CVE-2021-26349

Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent MA...

5.5CVSS5.3AI score0.0021EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-41771

ImportedSymbols in debug/macho for Open or OpenFat in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation...

7.5CVSS8.7AI score0.04372EPSS
Exploits0References12
OSV
OSV
added 2023/01/10 5:15 p.m.3 views

CVE-2022-4703

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprresetpreviousimport' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported da...

8.1CVSS5.8AI score0.00945EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/01/10 4:55 p.m.34 views

CVE-2022-4703 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprresetpreviousimport' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported da...

4.3CVSS8.2AI score0.00945EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.18 views

Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Import Deletion

The plugin does not have authorisation and CSRF checks when deleting imported content, which could allow any authenticated user, such as subscriber to perform such action...

8.1CVSS2.9AI score0.00945EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/09 11:15 p.m.3 views

CVE-2022-3417

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...

8.8CVSS5.8AI score0.00922EPSS
Exploits1References1
OSV
OSV
added 2023/01/09 11:15 p.m.3 views

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

8.8CVSS5.8AI score0.00922EPSS
Exploits2References1
NVD
NVD
added 2023/01/09 11:15 p.m.21 views

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

8.8CVSS8.9AI score0.00922EPSS
Exploits2References1
Prion
Prion
added 2023/01/09 11:15 p.m.17 views

Design/Logic Flaw

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

6.8CVSS8.8AI score0.00922EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/01/09 11:15 p.m.21 views

Design/Logic Flaw

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...

6.8CVSS8.6AI score0.00922EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.5 views

WordPress Plugin Kadence WP 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

8.8CVSS7.9AI score0.00922EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.8 views

PT-2023-13350 · WordPress · Wptouch

Name of the Vulnerable Software and Affected Versions: WPtouch WordPress plugin versions prior to 4.3.45 Description: The issue arises from the unserialization of the content of an imported settings file, which could lead to PHP object injections issues when a user imports a malicious settings fi...

8.8CVSS8.7AI score0.00922EPSS
Exploits1References5
Prion
Prion
added 2023/01/02 10:15 p.m.26 views

Design/Logic Flaw

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

5.8CVSS6.9AI score0.17686EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder