Lucene search
K

330 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:53 a.m.16 views

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

10CVSS7.4AI score0.56209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:52 a.m.6 views

CVE-2024-2024

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handlefoldersfileupload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...

8.8CVSS7.7AI score0.03303EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.6 views

WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Admin and Site Enhancements ASE Pro versions = 7.6.1.1...

4.3CVSS6.9AI score0.0023EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/01/21 1:40 p.m.59 views

CVE-2025-22763

CVE-2025-22763 affects Brizy Pro (WordPress) up to version 2.6.1 and is a Reflected XSS caused by improper input handling during web page generation. The Red Hat and Wordfence entries corroborate the same ID and vulnerability class, noting the affected product and version range. The Wordfence vul...

7.1CVSS8.6AI score0.00224EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/21 1:40 p.m.5 views

CVE-2025-22763 WordPress Brizy Pro Plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1...

7.1CVSS8.6AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.4 views

WordPress plugin Brizy Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

7.1CVSS7.7AI score0.00224EPSS
Exploits0References2
NVD
NVD
added 2025/01/19 5:15 a.m.13 views

CVE-2024-8722

The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS0.00332EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/07 10:54 a.m.6 views

WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Timeline Pro versions = 1.3...

6.5CVSS6.1AI score0.00206EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/16 3:47 p.m.14 views

CVE-2024-54284 WordPress SeedProd Pro plugin <= 6.18.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10...

7.6CVSS7.9AI score0.00521EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/15 8:28 a.m.5 views

WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Ads Booster by Ads Pro versions = 1.12...

9.8CVSS7AI score0.00509EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/15 12:0 a.m.11 views

WordPress Ads Booster by Ads Pro Plugin <= 1.12 is vulnerable to Local File Inclusion

Software Ads Booster by Ads Pro Type Plugin Vulnerable versions = 1.12 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-52428 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID dc26473e2ce0 Credits Dimas Maulana Required privilege...

9.8CVSS7.2AI score0.00509EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/14 12:0 a.m.36 views

WordPress Really Simple Security Pro Plugin 9.0.0-9.1.1.1 is vulnerable to Broken Authentication

Software Really Simple Security Pro Type Plugin Vulnerable versions 9.0.0-9.1.1.1 Fixed in 9.1.2 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-10924 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dc394c4ae392 Credits István...

9.8CVSS6.2AI score0.81722EPSS
Exploits21References2Affected Software1
OSV
OSV
added 2024/10/18 5:15 a.m.3 views

CVE-2024-9383

The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS5.9AI score
Exploits0References2
Patchstack
Patchstack
added 2024/10/17 12:0 a.m.15 views

WordPress Parcel Pro Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Parcel Pro Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9383 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 434032076e56 Credits vgo0 Required privilege...

6.1CVSS6.1AI score0.00382EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/15 11:43 a.m.8 views

WordPress Cooked Pro plugin < 1.8.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by RE-ALTER Patchstack Alliance in WordPress Plugin Cooked Pro versions 1.8.0...

10CVSS7AI score0.00496EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/26 6:15 p.m.3 views

CVE-2024-45838

The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation...

4.3CVSS5.8AI score0.0009EPSS
Exploits0References1
OSV
OSV
added 2024/09/26 6:15 p.m.4 views

CVE-2024-43814

The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information PLI updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally...

4.3CVSS5.8AI score0.00131EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/26 12:0 a.m.5 views

goTenna Pro ATAK Plugin 安全漏洞

The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communication and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from an encryption key being stored on the device along with ...

6.5CVSS6.6AI score0.00117EPSS
Exploits0References2
NVD
NVD
added 2024/08/02 6:15 a.m.25 views

CVE-2024-3827

The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00262EPSS
Exploits0References2
CVE
CVE
added 2024/08/02 5:30 a.m.39 views

CVE-2024-3827

The CVE-2024-3827 entry concerns the Spectra Pro WordPress plugin. A stored XSS flaw exists in all versions up to and including 1.1.4 due to insufficient input sanitization and output escaping on user-supplied block IDs/attributes. Exploitation requires at least contributor-level authentication a...

6.4CVSS5.8AI score0.00262EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder