Lucene search
+L

210 matches found

CNNVD
CNNVD
added 2024/12/25 12:0 a.m.8 views

WordPress plugin Avada Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS8.1AI score0.00359EPSS
Exploits0References2
OSV
OSV
added 2024/12/19 7:15 a.m.4 views

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

6.5CVSS7.3AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2024/12/12 7:15 a.m.5 views

CVE-2024-11181

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wpreusablerender' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticate...

4.3CVSS7.3AI score0.00485EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.5 views

WordPress plugin Greenshift 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS8.5AI score0.00485EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.10 views

PT-2024-39502 · WordPress · Wpdash Notes

Name of the Vulnerable Software and Affected Versions: WPDash Notes plugin for WordPress versions prior to 1.3.5 Description: The issue is related to a missing capability check on the wp ajax post it list comment function, allowing authenticated attackers with Subscriber-level access and above to...

4.3CVSS9.3AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 2024/11/21 11:15 a.m.5 views

CVE-2024-10671

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

6.5CVSS5.8AI score0.00506EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.6 views

PT-2024-16442 · WordPress · The Easy Twitter Feed – Twitter Feeds Plugin For Wp

Name of the Vulnerable Software and Affected Versions: The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress version 1.2.6 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private,...

4.3CVSS9.4AI score0.00435EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.8 views

WordPress plugin Attesa Extra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.1AI score0.00294EPSS
Exploits0References2
OSV
OSV
added 2024/10/24 9:15 a.m.5 views

CVE-2024-10050

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

4.3CVSS5.8AI score0.00471EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/18 12:0 a.m.9 views

PT-2024-39915 · WordPress · Elementinvader Addons For Elementor

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue allows authenticated attackers with contributor-level access and above to view private, draft, and password-protected posts,...

4.3CVSS6.2AI score0.00335EPSS
Exploits0References8
OSV
OSV
added 2024/10/17 4:15 a.m.7 views

CVE-2024-7417

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...

4.3CVSS5.8AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2024/09/26 4:15 p.m.4 views

CVE-2024-8771

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...

4.3CVSS5.8AI score0.00361EPSS
Exploits0References3
OSV
OSV
added 2024/09/05 7:15 a.m.8 views

CVE-2024-6835

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajaxloadposts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the...

5.3CVSS5.8AI score0.00529EPSS
Exploits0References4
CVE
CVE
added 2024/09/05 6:41 a.m.53 views

CVE-2024-6835

CVE-2024-6835 affects Ivory Search – WordPress Search Plugin, with information exposure in the ajax_load_posts path affecting all versions up to 5.5.6. Unauthenticated attackers could extract text from password-protected posts via a boolean-based attack on the AJAX search form. Public reviews/ent...

5.3CVSS5.6AI score0.00529EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/09/04 7:15 a.m.27 views

CVE-2024-8123

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

5.4CVSS0.00309EPSS
Exploits0References3
CVE
CVE
added 2024/09/04 6:49 a.m.54 views

CVE-2024-8123

CVE-2024-8123 affects the WordPress plugin “The Ultimate WordPress Toolkit – WP Extended” (

5.4CVSS5.6AI score0.00309EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/09/04 6:49 a.m.34 views

CVE-2024-8123 The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

5.4CVSS0.00309EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.11 views

PT-2024-38814 · WordPress · Wp Extended

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate posts written by other authors,...

5.4CVSS7.1AI score0.00309EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.12 views

PT-2024-37894 · WordPress · The Ivory Search

Name of the Vulnerable Software and Affected Versions: The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.6 Description: The issue allows unauthenticated attackers to extract text data from password-protected posts using a boolean-based attack on the AJAX search form...

5.3CVSS7AI score0.00529EPSS
Exploits0References10
OSV
OSV
added 2024/08/29 1:15 p.m.9 views

CVE-2024-3679

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References2
Rows per page
Query Builder