Lucene search
K

115 matches found

CVE
CVE
added 2025/09/11 7:24 a.m.15 views

CVE-2025-9627

CVE-2025-9627 describes a CSRF vulnerability in the WordPress Run Log plugin (versions up to and including 1.7.10). The issue stems from missing/incorrect nonce validation in the oirl_plugin_options function, allowing unauthenticated attackers to modify plugin settings (e.g., distance units, pace...

4.3CVSS4.9AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.4 views

CVE-2025-9627 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...

4.3CVSS4.9AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.11 views

CVE-2025-9627 Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update

The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirlpluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings includi...

4.3CVSS0.00151EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/11 4:19 a.m.5 views

WordPress Run Log plugin <= 1.7.10 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Claw.k in WordPress Plugin Run Log versions = 1.7.10...

4.3CVSS6.7AI score0.00151EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/07/30 7:40 a.m.3 views

Malicious Package

Overview vite-log-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/30 7:40 a.m.4 views

Malicious code in vite-log-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e278049c2919582d9fdb72033c214b715cd3cf34a0a80051a894185c4f669207 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/07/30 7:40 a.m.2 views

MAL-2025-6376 Malicious code in vite-log-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e278049c2919582d9fdb72033c214b715cd3cf34a0a80051a894185c4f669207 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 6:42 a.m.6 views

CVE-2025-5541 Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00192EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:44 a.m.9 views

CVE-2023-3088

The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

7.2CVSS6.1AI score0.00458EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:38 a.m.3 views

CVE-2023-23721

Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin = 1.50 versions...

8.8CVSS7AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:17 a.m.7 views

CVE-2022-45394

A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs...

4.3CVSS6.5AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:23 p.m.4 views

CVE-2022-3941

A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...

5.3CVSS5.8AI score0.00685EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.8 views

CVE-2021-24924

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.008EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.6 views

CVE-2021-24756

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...

6.1CVSS6.3AI score0.01322EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.9 views

CVE-2017-20056

A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Stored. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

5.4CVSS6.1AI score0.00794EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:29 a.m.7 views

CVE-2016-10890

The aryo-activity-log plugin before 2.3.2 for WordPress has XSS...

6.1CVSS7.1AI score0.01111EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:3 a.m.3 views

CVE-2015-9344

The link-log plugin before 2.1 for WordPress has SQL injection...

9.8CVSS7.5AI score0.01795EPSS
Exploits0References1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-0970

This User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value...

5.3CVSS7.3AI score0.0031EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin This User Activity Tracking and Log 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

5.3CVSS7.8AI score0.0031EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/02/16 5:11 p.m.4 views

WordPress WP Activity Log plugin <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by zer0gh0st in WordPress Plugin WP Activity Log versions = 5.2.2...

7.2CVSS5.3AI score0.01269EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder