Lucene search
K

229 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 1:12 a.m.6 views

CVE-2013-2702

Cross-site request forgery CSRF vulnerability in the Easy AdSense Lite plugin before 6.10 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings...

6.8CVSS7.7AI score0.00981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:53 a.m.4 views

CVE-2015-9407

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS...

6.1CVSS7.1AI score0.01623EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:28 a.m.7 views

CVE-2013-10029

A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely...

8.8CVSS6.8AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.12 views

CVE-2024-10145

The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 4:15 a.m.20 views

CVE-2025-4591

The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 8:15 p.m.2 views

CVE-2024-12724

The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2025/05/15 8:15 p.m.8 views

CVE-2024-10145

The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.17 views

CVE-2024-10145 Hubbub Lite < 1.34.4 - Admin+ Stored XSS

The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 5:15 a.m.13 views

CVE-2025-3053

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uipprocessforminput function. This is due to the function taking user supplied inputs to execute arbitrary...

8.8CVSS0.00881EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.5 views

PT-2025-21260 · WordPress · Weluka Lite

Name of the Vulnerable Software and Affected Versions: Weluka Lite plugin for WordPress versions up to, and including, 1.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS6.2AI score0.00198EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.3 views

PT-2025-21400 · WordPress · Hubbub Lite

Name of the Vulnerable Software and Affected Versions: Hubbub Lite WordPress plugin versions prior to 1.34.4 Description: The issue allows high privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS4.5AI score0.00266EPSS
Exploits1References5
Patchstack
Patchstack
added 2025/05/14 9:24 p.m.6 views

WordPress UiPress lite plugin <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution vulnerability

Authenticated Subscriber+ Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin UiPress lite versions = 3.5.07...

8.8CVSS9AI score0.00881EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/22 5:27 a.m.6 views

CVE-2025-2839 WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.0023EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/17 3:48 p.m.5 views

CVE-2025-23782 WordPress TotalContest Lite Plugin <= 2.8.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Reflected XSS.This issue affects TotalContest Lite: from n/a through = 2.8.1...

7.1CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:46 p.m.28 views

CVE-2025-32682 WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through = 8.6.4...

9.9CVSS0.00488EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.6 views

CVE-2025-39592 WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscribe to Unlock Lite: from n/a through = 1.3.0...

7.5CVSS8.7AI score0.00778EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/08 7:1 a.m.18 views

CVE-2025-3430 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00359EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/08 7:1 a.m.5 views

CVE-2025-3429 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'materialtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.8AI score0.00359EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/08 7:1 a.m.18 views

CVE-2025-3429 3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'materialtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.5 views

PT-2025-15380 · WordPress · 3Dprint Lite

Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue arises from insufficient escaping on the user-supplied infill text parameter and lack of sufficient preparation on the existing SQL query, making ...

4.9CVSS9.7AI score0.00353EPSS
Exploits0References9
Rows per page
Query Builder