Lucene search
+L

127 matches found

cvelist
cvelist
added 2025/05/19 4:35 p.m.16 views

CVE-2025-39369 WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sihibbs Posts for Page posts-for-page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through = 2.1...

6.5CVSS0.00174EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/26 2:24 p.m.14 views

CVE-2025-26544 WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Max K UTM tags tracking for Contact Form 7 cf7-utm-tracking allows Reflected XSS.This issue affects UTM tags tracking for Contact Form 7: from n/a through = 2.1...

7.1CVSS0.00363EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/26 2:24 p.m.7 views

CVE-2025-26544 WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound UTM tags tracking for Contact Form 7 allows Reflected XSS. This issue affects UTM tags tracking for Contact Form 7: from n/a through 2.1...

7.1CVSS7.2AI score0.00363EPSS
Exploits0References1
patchstack
patchstack
added 2025/03/21 7:58 a.m.6 views

WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin UTM tags tracking for Contact Form 7 versions = 2.1...

7.1CVSS8.1AI score0.00363EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2025/03/11 12:0 a.m.2 views

WordPress plugin Members page only for logged in users 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Members page only for logged in...

7.1CVSS8.1AI score0.00139EPSS
Exploits0References3
patchstack
patchstack
added 2025/02/24 3:11 p.m.4 views

WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Archive Page versions = 1.0.2...

6.5CVSS5.8AI score0.00251EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/02/05 9:52 a.m.12 views

CVE-2024-3597

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rcexportedzipfile parameter. This makes it possible for unauthenticated attackers to...

7.1CVSS6.7AI score0.00332EPSS
Exploits0References1
cvelist
cvelist
added 2025/01/16 8:6 p.m.19 views

CVE-2025-23547 WordPress LH Login Page plugin <= 2.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shawfactor LH Login Page lh-login-page allows Reflected XSS.This issue affects LH Login Page: from n/a through = 2.14...

7.1CVSS0.00397EPSS
Exploits0References1
nvd
nvd
added 2025/01/07 4:15 a.m.6 views

CVE-2024-12098

The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utmkeyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00345EPSS
Exploits0References3
cve
cve
added 2025/01/07 3:21 a.m.43 views

CVE-2024-12098

CVE-2024-12098 affects the ARS Affiliate Page Plugin for WordPress. The issue is a Reflected Cross-Site Scripting via the utm_keyword parameter in all versions up to and including 2.0.2, allowing unauthenticated attackers to inject scripts in pages executed when a user clicks a crafted link. A pa...

6.1CVSS6AI score0.00345EPSS
Exploits0References3
cvelist
cvelist
added 2025/01/07 3:21 a.m.14 views

CVE-2024-12098 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting

The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utmkeyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00345EPSS
Exploits0References3
cve
cve
added 2024/07/13 11:19 a.m.64 views

CVE-2024-6465

CVE-2024-6465 : The WP Links Page plugin for WordPress allows unauthorized modification of data due to a missing capability check in wplf_ajax_update_screenshots. This affects all versions up to and including 4.9.5. Authenticated attackers with Subscriber-level access and above can regenerate the...

4.3CVSS4.7AI score0.00385EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/05/30 12:0 a.m.9 views

PT-2024-26755 · WordPress · Simple Like Page Plugin

Name of the Vulnerable Software and Affected Versions: The Simple Like Page Plugin for WordPress versions up to, and including, 1.5.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing authenticat...

6.4CVSS6.4AI score0.00276EPSS
Exploits0References4
osv
osv
added 2024/03/13 4:15 p.m.5 views

CVE-2024-1462

The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...

5.3CVSS7.1AI score0.0053EPSS
Exploits0References2
nvd
nvd
added 2024/03/13 4:15 p.m.25 views

CVE-2024-1462

The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...

5.3CVSS5.1AI score0.0053EPSS
Exploits0References2
prion
prion
added 2024/03/13 4:15 p.m.18 views

Code injection

The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...

5CVSS6.9AI score0.0053EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/03/13 3:26 p.m.13 views

CVE-2024-1370 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...

5.3CVSS6.7AI score0.00445EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/03/13 12:0 a.m.8 views

PT-2024-18066 · WordPress · Maintenance Page

Name of the Vulnerable Software and Affected Versions: Maintenance Page plugin for WordPress versions up to, and including, 1.0.8 Description: The issue allows unauthenticated attackers to view post titles and content when the site is in maintenance mode, due to Basic Information Exposure via the...

5.3CVSS9.6AI score0.0053EPSS
Exploits0References4
osv
osv
added 2024/02/15 7:15 a.m.3 views

CVE-2024-0708

The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public...

5.3CVSS5.7AI score0.00454EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/02/01 9:43 a.m.17 views

CVE-2023-52195 WordPress Posts to Page Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7...

6.5CVSS6.4AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder