Lucene search
K

229 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-17274

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00516EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-15338

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00266EPSS
Exploits1References3
Patchstack
Patchstack
added 2025/09/08 3:42 a.m.5 views

WordPress Portfolio Manager Lite plugin <= 1.20 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Portfolio Manager Lite versions = 1.20...

7.1CVSS6.1AI score0.00208EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/17 8:29 a.m.12 views

CVE-2025-8091

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

4.3CVSS7.3AI score0.00377EPSS
Exploits0References1
CVE
CVE
added 2025/08/02 8:24 a.m.19 views

CVE-2025-8391

CVE-2025-8391 – Magic Edge – Lite (WordPress) is a Stored Cross-Site Scripting vulnerability in the plugin for all versions up to 1.1.6, triggered by the height parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or...

6.4CVSS5.5AI score0.00218EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/07/28 3:55 a.m.5 views

WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by LVT-tholv2k in WordPress Plugin Finale Lite versions = 2.20.0...

7.1CVSS6.2AI score0.00214EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/07/12 12:15 p.m.8 views

CVE-2021-4458

The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wpajaxmecloadsinglepage' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

9.8CVSS0.00354EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.7 views

CVE-2024-9117

The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

6.4CVSS5.8AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:22 a.m.9 views

CVE-2024-7084

The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks...

4.8CVSS6.1AI score0.00367EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.9 views

CVE-2024-5892

The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘supportunfilteredfilesupload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.7 views

CVE-2024-11416

The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the saveoption function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.4AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:31 a.m.5 views

CVE-2024-10882

The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated...

6.1CVSS6.4AI score0.00481EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:18 a.m.6 views

CVE-2024-12239

The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS6.4AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.7 views

CVE-2023-39987

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ajay Lulia wSecure Lite plugin = 2.5 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.4 views

CVE-2023-28497

Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery LITE plugin = 1.7.6 versions...

8.8CVSS7AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:20 a.m.8 views

CVE-2013-10030

A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely...

7.5CVSS6.6AI score0.00749EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:33 a.m.7 views

CVE-2019-14679

core/views/arpriceimportexport.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arpliteimportexport CSRF...

6.5CVSS7AI score0.00685EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:38 a.m.6 views

CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...

9.8CVSS7.2AI score0.02129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 a.m.7 views

CVE-2014-9442

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php...

6.5CVSS8.4AI score0.01756EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 a.m.5 views

CVE-2015-9408

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS...

6.5CVSS7.2AI score0.01096EPSS
Exploits1References1
Rows per page
Query Builder