OSV
added 2023/12/18 8:15 p.m. · 3 views

CVE-2023-6295

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

CVSS 7.2 · AI score 5.8 · EPSS 0.01034
Exploits: 2 · References: 1
NVD
added 2023/12/18 8:15 p.m. · 13 views

CVE-2023-6295

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

CVSS 7.2 · EPSS 0.01034
Exploits: 2 · References: 1
OSV
added 2023/12/18 8:15 p.m. · 3 views

CVE-2023-5005

The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

CVSS 4.8 · AI score 7.3 · EPSS 0.00442
Exploits: 2 · References: 1
Prion
added 2023/12/18 8:15 p.m. · 14 views

Design/Logic Flaw

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

CVSS 5.8 · AI score 6.9 · EPSS 0.01034
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2023/12/18 8:08 p.m. · 18 views

CVE-2023-6295 so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

AI score 7.1 · EPSS 0.01034
Exploits: 2 · References: 1
Cvelist
added 2023/12/18 8:07 p.m. · 25 views

CVE-2023-5005 Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Stored Cross-Site Scripting

The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

AI score 5 · EPSS 0.00442
Exploits: 2 · References: 1
Positive Technologies
added 2023/12/12 12:00 a.m. · 5 views

PT-2023-32595 · WordPress · Siteorigin Widgets Bundle

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle WordPress plugin versions prior to 1.51.0. Description: The issue allows users with the administrator role to perform Local File Inclusion (LFI) attacks in the context of Multisite WordPress sites. This is due to the...

CVSS 7.2 · AI score 7.4 · EPSS 0.01034
Exploits: 2 · References: 10
OSV
added 2023/12/11 8:15 p.m. · 2 views

CVE-2023-5940

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00425
Exploits: 2 · References: 1
OSV
added 2023/12/11 8:15 p.m. · 4 views

CVE-2023-5757

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · AI score 5.8 · EPSS 0.00451
Exploits: 2 · References: 1
OSV
added 2023/12/11 8:15 p.m. · 2 views

CVE-2023-5907

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

CVSS 6.5 · AI score 5.5 · EPSS 0.0085
Exploits: 2 · References: 1
NVD
added 2023/12/11 8:15 p.m. · 22 views

CVE-2023-5907

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

CVSS 6.5 · EPSS 0.0085
Exploits: 2 · References: 1
NVD
added 2023/12/11 8:15 p.m. · 12 views

CVE-2023-5940

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.8 · EPSS 0.00425
Exploits: 2 · References: 1
Prion
added 2023/12/11 8:15 p.m. · 20 views

Design/Logic Flaw

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

CVSS 4.7 · AI score 6.8 · EPSS 0.0085
Exploits: 2 · References: 1 · Affected Software: 1
Prion
added 2023/12/11 8:15 p.m. · 14 views

Cross site scripting

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.3 · AI score 5.9 · EPSS 0.00451
Exploits: 2 · References: 1 · Affected Software: 1
Prion
added 2023/12/11 8:15 p.m. · 14 views

Cross site scripting

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 4.3 · AI score 5.9 · EPSS 0.00425
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2023/12/11 7:30 p.m. · 35 views

CVE-2023-5955 Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

AI score 5 · EPSS 0.00455
Exploits: 2 · References: 1
Cvelist
added 2023/12/11 7:22 p.m. · 22 views

CVE-2023-5940 WP Not Login Hide <= 1.0 - Admin+ Stored XSS

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

AI score 5 · EPSS 0.00425
Exploits: 2 · References: 1
Cvelist
added 2023/12/11 7:22 p.m. · 29 views

CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

AI score 6.5 · EPSS 0.0085
Exploits: 2 · References: 1
Vulnrichment
added 2023/12/11 7:22 p.m. · 8 views

CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

AI score 6.4 · EPSS 0.0085
Exploits: 2 · References: 1
Positive Technologies
added 2023/12/11 12:00 a.m. · 5 views

PT-2023-32413 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager WordPress plugin versions prior to 6.3. Description: The issue allows an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site...

CVSS 6.5 · AI score 6.9 · EPSS 0.0085
Exploits: 2 · References: 6