Lucene search
K

3488 matches found

Vulnrichment
Vulnrichment
added 2024/06/07 6:0 a.m.22 views

CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00333EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/07 6:0 a.m.23 views

CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00333EPSS
Exploits2References1
CVE
CVE
added 2024/06/07 6:0 a.m.73 views

CVE-2024-4621

CVE-2024-4621 affects ARForms – Premium WordPress Form Builder Plugin prior to version 6.6. The issue is a Stored XSS vulnerability caused by insufficient sanitisation/escaping of certain plugin settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfilte...

4.8CVSS4.9AI score0.00351EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/06/06 2:15 a.m.3 views

CVE-2024-4942

The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS5.9AI score0.00265EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.11 views

Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a "Video Widget" to a widge...

5AI score0.00399EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.11 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a checklist and for an item...

5.5AI score0.0033EPSS
Exploits2
NVD
NVD
added 2024/05/31 6:15 a.m.22 views

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

7.5CVSS9.4AI score0.00591EPSS
Exploits2References1
OSV
OSV
added 2024/05/31 6:15 a.m.4 views

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

7.5CVSS5.7AI score0.00591EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/31 6:0 a.m.13 views

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

6.6AI score0.00591EPSS
Exploits2References1
CVE
CVE
added 2024/05/31 6:0 a.m.3224 views

CVE-2024-4469

CVE-2024-4469 affects the WP STAGING WordPress Backup Plugin (pre-3.5.0). An administrator can trigger server-side request forgery (SSRF) which may impact multisite setups. The issue is mitigated/solved by upgrading to version 3.5.0 or later (patch).

7.5CVSS6.5AI score0.00591EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/05/31 6:0 a.m.30 views

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

9.4AI score0.00591EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/05/31 12:0 a.m.12 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

5.4AI score0.00319EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/31 12:0 a.m.15 views

CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

4.9AI score0.00332EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/31 12:0 a.m.16 views

Widget Bundle <= 2.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Enable the "Text Form" widget...

5.4AI score0.00356EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/31 12:0 a.m.16 views

Google CSE <= 1.0.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...

5.4AI score0.00255EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.11 views

PT-2024-31213 · WordPress · Wp Staging

Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin versions prior to 3.5.0 Description: The issue allows users with the administrator role to conduct SSRF attacks, which may be problematic in multisite configurations. This is due to the lack of prevention of...

7.5CVSS6.2AI score0.00591EPSS
Exploits2References4
OSV
OSV
added 2024/05/30 5:15 a.m.2 views

CVE-2024-3946

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS5.9AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.6 views

PT-2024-21425 · WordPress · Font Farsi

Name of the Vulnerable Software and Affected Versions: Font Farsi plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...

4.4CVSS5.9AI score0.00255EPSS
Exploits0References4
OSV
OSV
added 2024/05/29 6:18 a.m.3 views

CVE-2024-4419

The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2024/05/29 6:18 a.m.2 views

CVE-2024-3937

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00332EPSS
Exploits2References1
Rows per page
Query Builder