Lucene search
K

6360 matches found

Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress WPTools Masonry Gallery & Posts For Divi plugin < 3.1.2 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WPTools Masonry Gallery & Posts For Divi plugin versions 3.1.2. Solution Update the WordPress WPTools Masonry Gallery & Posts For Divi plugin to the latest available version at least 3.1.2...

2.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin < 3.3.33 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin versions 3.3.33. Solution Update the WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin to...

1.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.13 views

WordPress WordPress Editable Posts Table for the Frontend plugin < 2.4.15 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress Editable Posts Table for the Frontend plugin versions 2.4.15. Solution Update the WordPress WordPress Editable Posts Table for the Frontend plugin to the latest available version at least...

3.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress WordPress Editable Posts Table for the Frontend plugin < 2.4.15 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Editable Posts Table for the Frontend plugin versions 2.4.15. Solution Update the WordPress WordPress Editable Posts Table for the Frontend plugin to the latest available version at least 2.4.15...

1.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress Content Slider for WP Posts (Section Slider) plugin <= 0.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Content Slider for WP Posts Section Slider plugin versions = 0.0.0. Solution No patched version available...

1.7AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.13 views

WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin < 2.1.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin versions 2.1.7. Solution Update the WordPress Posts List Designer by Category – List Category Posts Or Recent Posts plugin t...

3.8AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/22 12:0 a.m.5 views

The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.

The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely using metashells...

9.9CVSS8.3AI score0.0165EPSS
Exploits2References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/22 12:0 a.m.7 views

The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.

The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code using Götterhuber blocks...

9.9CVSS8.3AI score0.026EPSS
Exploits3References4Affected Software1
NVD
NVD
added 2022/02/16 5:15 p.m.30 views

CVE-2022-24664

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...

9.9CVSS0.0165EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/02/08 12:0 a.m.46 views

PHP Everywhere < 3.0.0 - Contributor+ RCE via Gutenberg Block

The plugin allows any users with a role as low as contributor to execute PHP via the Gutenberg Block of the plugin in posts...

9.9CVSS5.5AI score0.026EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/02/08 12:0 a.m.29 views

PHP Everywhere < 3.0.0 - Contributor+ RCE via Metabox

The plugin allows any users with a role as low as contributor to execute PHP via the Metabox of the plugin in posts...

9.9CVSS5.5AI score0.0165EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2022/02/01 1:15 p.m.46 views

CVE-2021-25072

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack...

6.5CVSS0.00531EPSS
Exploits2References1
OSV
OSV
added 2022/02/01 1:15 p.m.3 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

4.3CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2022/02/01 1:15 p.m.29 views

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5.3CVSS0.01327EPSS
Exploits2References1
OSV
OSV
added 2022/02/01 1:15 p.m.5 views

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5.3CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2022/02/01 1:15 p.m.28 views

CVE-2021-24868

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

4.3CVSS0.00891EPSS
Exploits2References1
Prion
Prion
added 2022/02/01 1:15 p.m.18 views

Design/Logic Flaw

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

5CVSS5.4AI score0.01327EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/01 12:21 p.m.32 views

CVE-2021-24868 Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...

5AI score0.00891EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.7 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...

5.3CVSS5.8AI score0.01327EPSS
Exploits2References2
OSV
OSV
added 2022/01/31 4:15 p.m.4 views

CVE-2021-46458

Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...

7.5CVSS7.1AI score0.0137EPSS
Exploits1References2
Rows per page
Query Builder