Lucene search
K

58 matches found

Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.3 views

PT-2024-18039 · WordPress · Element Pack Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.0 Description: The issue is related to Stored Cross-Site Scripting via the tab link attribute of the Panel Slider widget due to insufficient input...

6.4CVSS5.9AI score0.00323EPSS
Exploits0References7
OSV
OSV
added 2024/04/06 8:15 a.m.3 views

CVE-2024-0837

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...

5.4CVSS5.9AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/06 7:34 a.m.53 views

CVE-2024-0837 Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...

6.4CVSS5.8AI score0.00344EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/06 7:34 a.m.15 views

CVE-2024-1428 Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget in all versions up...

6.4CVSS7.4AI score0.00434EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/11/30 3:52 p.m.10 views

CVE-2023-45609 WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0...

6.5CVSS6.7AI score0.00377EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/30 3:52 p.m.20 views

CVE-2023-45609 WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0...

6.5CVSS6.6AI score0.00377EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/11/28 12:0 a.m.9 views

WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Powr Pack Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45609 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b52dad403861 Credits resecured.io Required privilege Contributor...

6.5CVSS6.5AI score0.00377EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/10/16 10:41 a.m.52 views

CVE-2023-44984

CVE-2023-44984: WordPress bbp style pack plugin

6.5CVSS5.5AI score0.00328EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/06/22 1:15 p.m.21 views

CVE-2023-33997

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Robin Wilson bbp style pack plugin = 5.5.5 versions...

7.1CVSS6.2AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2023/06/22 12:55 p.m.42 views

CVE-2023-33997

CVE-2023-33997 is an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress bbp style pack plugin 5.5.5 and earlier. Root cause: input is reflected without proper sanitization, enabling injection of script into pages viewed by users. Impact: potential script ex...

7.1CVSS6AI score0.00382EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/03 12:0 a.m.16 views

WordPress Mobile Pack Plugin for WordPress < 2.0.2 Sensitive Information Disclosure

The WordPress WordPress Mobile Pack Plugin installed on the remote host is affected by a Sensitive Information Disclosure. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

5CVSS7.4AI score0.16988EPSS
Exploits1References2
CVE
CVE
added 2022/12/15 1:21 p.m.66 views

CVE-2022-44588

CVE-2022-44588 affects WordPress Cryptocurrency Widgets Pack Plugin and versions

9.9CVSS9.2AI score0.02268EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/12/15 1:21 p.m.15 views

CVE-2022-44588 WordPress Cryptocurrency Widgets Pack Plugin <=1.8.1 is vulnerable to SQL Injection

Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin =1.8.1 on WordPress...

9.9CVSS10AI score0.02268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/12/15 1:21 p.m.6 views

CVE-2022-44588 WordPress Cryptocurrency Widgets Pack Plugin <=1.8.1 is vulnerable to SQL Injection

Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin =1.8.1 on WordPress...

9.9CVSS9.1AI score0.02268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/15 12:0 a.m.4 views

PT-2022-27259

Name of the Vulnerable Software and Affected Versions Cryptocurrency Widgets Pack Plugin versions =1.8.1 Description The issue is related to an unauthorized SQL Injection vulnerability. This vulnerability affects the Cryptocurrency Widgets Pack Plugin on WordPress. Recommendations For versions...

9.9CVSS8.9AI score0.02268EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/14 3:46 a.m.3 views

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2018-1000008 via org.jvnet.hudson.plugins:pmd (>=3.33 <=3.42)

org.jvnet.hudson.plugins:pmd MAVEN version =3.33, =1.7.2, =1.0.0, =1.7.1 - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2018-1000008 Source advisory: OSV:GHSA-687X-269M-7CV9...

8.8CVSS7.2AI score0.01172EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.4 views

The vulnerability of the Token Authentication logic in the Action Controller component of the actionpack plugin for the Ruby on Rails software framework allows a hacker to cause a service failure due to uncontrolled resource consumption.

The vulnerability of the Token Authentication logic in the Action Controller component of the actionpack plugin for the Ruby on Rails software framework is related to insufficiently strict regular expressions. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.5CVSS6.7AI score0.04808EPSS
Exploits1References10Affected Software5
Check Point Advisories
Check Point Advisories
added 2016/07/12 12:0 a.m.0 views

WordPress All In One SEO Pack Plugin Cross-site Scripting

A cross-site scripting vulnerability exists in WordPress All In One SEO Pack plugin. Successful exploitation of this vulnerability would allow a remote attacker to insert malicious code into the effected system...

3.3AI score
Exploits0
Rows per page
Query Builder