Lucene search
K

330 matches found

Vulnrichment
Vulnrichment
added 2024/06/19 1:46 p.m.15 views

CVE-2023-37869 WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0...

6.5CVSS7AI score0.00503EPSS
Exploits0References1
NVD
NVD
added 2024/06/14 1:15 p.m.37 views

CVE-2024-2024

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handlefoldersfileupload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...

8.8CVSS0.03303EPSS
Exploits0References2
CVE
CVE
added 2024/06/14 12:51 p.m.71 views

CVE-2024-2024

CVE-2024-2024 affects Folders Pro for WordPress. All versions up to 3.0.2 fail to validate file types in handle_folders_file_upload, allowing authenticated users with author+ privileges to upload arbitrary files to the server, with potential remote code execution. Remediation: upgrade to 3.0.3 (p...

8.8CVSS8.9AI score0.03303EPSS
Exploits0References2
NVD
NVD
added 2024/06/14 6:15 a.m.24 views

CVE-2024-4404

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating...

9.6CVSS0.00322EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/05 11:28 p.m.5 views

WordPress Folders Pro plugin <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via User First Name and Last Name vulnerability discovered by mike harris in WordPress Plugin Folders versions = 3.0.2...

5.4CVSS5.7AI score0.00369EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/04 3:15 a.m.20 views

CVE-2024-3868

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

5.4CVSS5.3AI score0.00369EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/04 2:31 a.m.29 views

CVE-2024-3868 Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

5.4CVSS5.4AI score0.00369EPSS
Exploits0References2
EUVD
EUVD
added 2024/04/26 8:29 a.m.7 views

EUVD-2024-32528

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...

9.8CVSS7.4AI score0.0137EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/26 8:29 a.m.15 views

CVE-2024-3962 Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...

9.8CVSS6.6AI score0.0137EPSS
Exploits0References3
CVE
CVE
added 2024/04/26 8:29 a.m.79 views

CVE-2024-3962

The CVE CVE-2024-3962 affects Product Addons & Fields for WooCommerce (PPOM) on WordPress. It is caused by missing file type validation in the ppom_upload_file function, allowing unauthenticated arbitrary file uploads on all versions up to and including 32.0.18. Exploitation requires PPOM Pro ins...

9.8CVSS7.8AI score0.0137EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/25 12:0 a.m.11 views

WordPress Piotnet Addons For Elementor Pro Plugin <= 7.1.17 is vulnerable to Server Side Request Forgery (SSRF)

Software Piotnet Addons For Elementor Pro Type Plugin Vulnerable versions = 7.1.17 Fixed in N/A OWASP Top 10 A3: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-33634 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fd220e386df6 Credits Dave Jong...

5.4CVSS6.9AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/25 12:0 a.m.12 views

WordPress Element Pack Pro Plugin <= 7.7.4 is vulnerable to Arbitrary File Download

Software Element Pack Pro Type Plugin Vulnerable versions = 7.7.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-33568 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 6b262cd1989a Credits Rafie Muhammad Patchstack...

8.5CVSS6.6AI score0.00523EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/04/22 1:51 p.m.60 views

CVE-2024-3645

CVE-2024-3645 affects the WordPress plugin Essential Addons for Elementor Pro (Counter widget). The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes (e.g., title_html_tag). Impact: authenticated attackers w...

6.4CVSS5.7AI score0.00333EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/19 1:57 a.m.17 views

CVE-2024-3598 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS6.1AI score0.00323EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/17 1:0 p.m.5 views

WordPress WP Staging Pro plugin < 5.4.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Wp Staging Pro versions 5.4.0...

4.8CVSS7.6AI score0.00423EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/03/11 6:15 p.m.6 views

CVE-2024-1279

The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata...

4.3CVSS6.6AI score
Exploits0References1
Cvelist
Cvelist
added 2024/02/01 10:11 a.m.28 views

CVE-2023-51540 WordPress Custom 404 Pro Plugin <= 3.10.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.This issue affects Custom 404 Pro: from n/a through 3.10.0...

7.1CVSS7AI score0.00354EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/01/10 12:0 a.m.17 views

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5cacf0b27060 Credits Francesco Carlucci...

6.5CVSS6.7AI score0.00253EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/29 9:13 a.m.33 views

CVE-2023-49830 WordPress Astra Pro Plugin <= 4.3.1 is vulnerable to Remote Code Execution (RCE)

Improper Control of Generation of Code 'Code Injection' vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1...

9.9CVSS9.8AI score0.00661EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/18 12:0 a.m.6 views

WordPress Plugin WP All Export Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS7.8AI score0.0055EPSS
Exploits2References2
Rows per page
Query Builder