Lucene search
K

63 matches found

OSV
OSV
added 2025/08/05 8:15 a.m.4 views

CVE-2025-5061

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpieparseuploaddata' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above...

8.8CVSS6.5AI score0.00664EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.4 views

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...

4.7CVSS5AI score0.00366EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.5 views

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

5.3CVSS5.6AI score0.00312EPSS
Exploits0References1
OSV
OSV
added 2025/05/17 12:15 p.m.6 views

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

5.4CVSS5.9AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2025/03/08 1:15 p.m.4 views

CVE-2024-10326

The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveoptions and resetwidgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00333EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.8 views

Astra Linux – Vulnerability in Apache2

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some uses of the legacy content-type-based configuration of handlers. Configurations like “AddType” and similar ones, under certain circumstances where files are requested indirectly, can lead to exposure of local...

5.3CVSS6.5AI score0.04134EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2024/12/11 4:20 p.m.4 views

php: host/secure cookie bypass due to partial CVE-2022-31629 fix

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...

6.5CVSS7.3AI score0.3786EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/12/11 4:16 p.m.7 views

php: host/secure cookie bypass due to partial CVE-2022-31629 fix

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...

6.5CVSS7.3AI score0.3786EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/20 11:33 a.m.11 views

CVE-2024-10520 WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

5.3CVSS6.7AI score0.00312EPSS
Exploits0References2
OSV
OSV
added 2024/09/13 6:15 a.m.8 views

CVE-2024-5628

The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusionbutton shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4CVSS5.9AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2024/09/07 12:15 p.m.3 views

CVE-2024-6010

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'createccorder' function, called from the Cost Calculator Builder...

5.3CVSS5.7AI score0.00419EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2024/08/15 7:0 a.m.6 views

In Apache Thrift all versions up to and including 0.12.0 a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0 depending on the installed version it affects only certain language bindings.

...

7.8CVSS9.3AI score0.09082EPSS
Exploits0
OSV
OSV
added 2024/07/11 4:15 a.m.4 views

CVE-2024-6397

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing...

9.8CVSS5.8AI score0.00706EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/05/14 12:0 a.m.24 views

Simple Ajax Chat < 20240412 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup This was partially fixed in 0240216 bu...

7.7AI score0.00333EPSS
Exploits2Affected Software1
Microsoft CVE
Microsoft CVE
added 2024/04/29 7:0 a.m.4 views

__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

...

6.5CVSS6.7AI score0.49336EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2024/04/16 12:0 a.m.23 views

CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS6.6AI score0.3786EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/04/15 12:0 a.m.34 views

Slackware: Security Advisory (SSA:2024-103-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8.6AI score0.49336EPSS
Exploits5References6
OSV
OSV
added 2024/02/12 4:15 p.m.5 views

CVE-2024-0248

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was...

4.3CVSS5.9AI score0.00424EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.6 views

PT-2024-15410 · WordPress · Eazydocs

Name of the Vulnerable Software and Affected Versions: EazyDocs WordPress plugin versions prior to 2.4.0 Description: The issue allows any authenticated users to delete arbitrary posts, as well as add and delete documents/sections. The problem was partially fixed in version 2.3.9. Recommendations...

4.3CVSS6.6AI score0.00424EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2024/02/05 10:15 p.m.7 views

CVE-2023-7029

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00399EPSS
Exploits0References3
Rows per page
Query Builder