328 matches found

Vulnrichment
added 2022/09/30 4:52 p.m. · 7 views

CVE-2021-36854 WordPress Booking Ultra Pro plugin <= 1.1.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress...

CVSS 5.4 · AI score 6.7 · EPSS 0.00265
Exploits: 0 · References: 2

CVE
added 2022/09/30 4:52 p.m. · 65 views

CVE-2021-36854

CVE-2021-36854 affects WordPress Booking Ultra Pro plugin versions up to 1.1.4. The root cause is missing CSRF checks in multiple areas, enabling CSRF to trigger actions by authenticated users. Impact per sources is user action changes with potential confidentiality/integrity concerns; exploitati...

CVSS 8.8 · AI score 7.4 · EPSS 0.00265
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/08/08 2:15 p.m. · 5 views

CVE-2022-2391

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description...

CVSS 5.4 · AI score 5.8 · EPSS 0.00495
Exploits: 2 · References: 1

Positive Technologies
added 2022/07/26 12:0 a.m. · 6 views

PT-2022-16328 · WordPress · Inspiro Pro

Name of the Vulnerable Software and Affected Versions: Inspiro PRO WordPress plugin (affected versions not specified). Description: The issue allows users with privileges as low as Contributor to inject JavaScript into the portfolio slider description due to a lack of sanitization. This can lead to...

CVSS 5.4 · AI score 5.1 · EPSS 0.00495
Exploits: 2 · References: 5

Prion
added 2022/06/30 5:15 a.m. · 15 views

SQL injection

A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to SQL injection. It is possible to launch the attack remotely. The exploit has...

CVSS 6.5 · AI score 9 · EPSS 0.00832
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/06/30 5:5 a.m. · 46 views

CVE-2017-20124

The CVE-2017-20124 entry affects Online Hotel Booking System Pro Plugin 1.0, specifically the /front/roomtype-details.php file. The vulnerability stems from unsafely handling the tid argument, causing an SQL injection that can be triggered remotely. Public exploits have been disclosed (e.g., Expl...

CVSS 8.8 · AI score 7.8 · EPSS 0.00832
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/03/07 9:15 a.m. · 4 views

CVE-2021-24961

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

CVSS 5.4 · AI score 6.1 · EPSS 0.0077
Exploits: 2 · References: 2

Patchstack
added 2022/02/28 12:0 a.m. · 6 views

WordPress Station Pro plugin <= 2.2.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Station Pro plugin versions <= 2.2.4. Solution: No patched version available...

AI score 4.2
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m. · 12 views

WordPress Advanced Classifieds & Directory Pro plugin < 1.8.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Advanced Classifieds & Directory Pro plugin versions < 1.8.8. Solution: Update the WordPress Advanced Classifieds & Directory Pro plugin to the latest available version (at least 1.8.8)...

AI score 3.9
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2021/11/18 2:37 p.m. · 58 views

CVE-2021-36908

The CVE-2021-36908 affects WebFactory Ltd. WP Reset PRO plugin for WordPress, specifically versions

CVSS 8.8 · AI score 8.9 · EPSS 0.00685
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2021/08/09 10:15 a.m. · 3 views

CVE-2021-24507

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astrapaginationinfinite and astrashoppaginationinfinite AJAX action available to both unauthenticated and authenticated user before using them in SQL statement, leading to an...

CVSS 9.8 · AI score 5.9 · EPSS 0.11302
Exploits: 2 · References: 2

FireEye
added 2021/07/19 12:0 a.m. · 161 views

capa 2.0: Better, Stronger, Faster

We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check...

AI score 6.7
Exploits: 0 · References: 24

CNVD
added 2021/04/28 12:0 a.m. · 8 views

WordPress code issue vulnerability (CNVD-2021-44308)

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in Business Hours Pro WordPress plugin version 5.5.0 and prior...

CVSS 9.8 · AI score 7.9 · EPSS 0.03037
Exploits: 1 · References: 1

CNVD
added 2021/04/28 12:0 a.m. · 8 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-44304)

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Cooked Pro WordPress plugin versions prior to 1.7.5.6...

CVSS 6.1 · AI score 5.9 · EPSS 0.01749
Exploits: 3 · References: 1

CNNVD
added 2021/04/22 12:0 a.m. · 4 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Cooked Pro WordPress plugin versions prior to 1.7.5.6...

CVSS 6.1 · AI score 5.3 · EPSS 0.01749
Exploits: 3 · References: 4

CNVD
added 2020/09/09 12:0 a.m. · 3 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51386)

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. LTS is a long-term support for...

CVSS 6.5 · AI score 6.5 · EPSS 0.00626
Exploits: 0 · References: 1

NVD
added 2020/09/01 2:15 p.m. · 15 views

CVE-2020-2251

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

CVSS 4.3 · AI score 4.6 · EPSS 0.00514
Exploits: 0 · References: 2

Positive Technologies
added 2020/09/01 12:0 a.m. · 6 views

PT-2020-15475 · Smartbear +2 · Readyapi Functional Testing Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins SoapUI Pro Functional Testing Plugin versions 1.5 and earlier; ReadyAPI Functional Testing Plugin versions 1.5 and earlier; Jenkins versions prior to 2.236, including 2.235.x LTS. Description: The issue concerns the transmission of proje...

CVSS 4.3 · AI score 4.7 · EPSS 0.00514
Exploits: 0 · References: 9

NVD
added 2020/07/02 4:15 p.m. · 13 views

CVE-2020-14092

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...

CVSS 9.8 · EPSS 0.9453
Exploits: 1 · References: 3

Cvelist
added 2020/07/02 3:20 p.m. · 25 views

CVE-2020-14092

The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection...

AI score 9.8 · EPSS 0.9453
Exploits: 1 · References: 3