Lucene search
K

11 matches found

EUVD
EUVD
added 2026/06/24 5:33 a.m.7 views

EUVD-2026-38687

The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51682

Name of the Vulnerable Software and Affected Versions Image Sizes on Demand versions prior to 1.4 Description Insufficient input sanitization and output escaping in the PHP SELF server variable allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute if a user is...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References7
CVE
CVE
added 2026/04/22 7:45 a.m.11 views

CVE-2026-4117

CVE-2026-4117 affects the WordPress CalJ plugin (≤ v1.5). The vulnerability is caused by a missing authorization check in the CalJSettingsPage constructor that processes the POST operation 'save-obtained-key' without verifying the user’s capability or nonce, allowing authenticated users (Subscrib...

5.3CVSS5.7AI score0.00364EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.25 views

CVE-2025-14288 Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification

The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to unauthorized modification of plugin settings in all versions up to, and including, 3.3.0. This is due to the plugin using the editposts...

4.3CVSS0.0019EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 p.m.8 views

CVE-2022-2269

The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manageoptions capability by default admins, leading to an SQL injection...

9.8CVSS7AI score0.01026EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.14 views

CVE-2021-24229

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...

9.6CVSS5.7AI score0.01758EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.7 views

CVE-2023-0955 WP Statistics < 14.0 - Authenticated SQLi

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

7.6AI score0.00898EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.28 views

CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

9.2AI score0.34271EPSS
Exploits2References1
OSV
OSV
added 2008/12/19 6:30 p.m.4 views

DEBIAN-CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manageoptions and uploadfiles capabilities to execute arbitrary code by uploading a PHP script and adding this...

8.5CVSS7.8AI score0.12008EPSS
Exploits1References1
OSV
OSV
added 2008/12/19 6:30 p.m.5 views

CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manageoptions and uploadfiles capabilities to execute arbitrary code by uploading a PHP script and adding this...

7.2AI score
Exploits0References10
Patchstack
Patchstack
added 2008/12/19 12:0 a.m.18 views

WordPress <= 1.3.1 - Remote Code Execution

Because of this vulnerability, the authenticated users with manageoptions and uploadfiles capabilities can execute arbitrary code by uploading a PHP script. Solution Update WordPress...

8.5CVSS4.5AI score0.12008EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder