Lucene search
+L

122 matches found

ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.8 views

PT-2025-47264

Name of the Vulnerable Software and Affected Versions Download Panel plugin for WordPress versions up to and including 1.3.3 Description The Download Panel plugin for WordPress is susceptible to unauthorized settings modification. This is caused by a missing capability check on the 'wp ajax save...

4.3CVSS5.7AI score0.0022EPSS
Exploits0References6
euvd
euvd
added 2025/11/11 12:30 p.m.8 views

EUVD-2025-84363

The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...

10CVSS6.6AI score0.01041EPSS
Exploits1References3
cve
cve
added 2025/11/04 4:27 a.m.18 views

CVE-2025-12416

Summary: The WordPress Pagerank Tools plugin (versions ≤ 1.1.5) contains a vulnerability where a stored Cross‑Site Scripting attack can be triggered via Cross‑Site Request Forgery. The root cause is missing nonce validation on the pr_save_settings() function and insufficient input sanitization, e...

6.1CVSS4.4AI score0.00137EPSS
Exploits0References3
cvelist
cvelist
added 2025/11/04 4:27 a.m.41 views

CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

6.1CVSS0.00137EPSS
Exploits0References3
cnvd
cnvd
added 2025/10/21 12:0 a.m.3 views

WordPress TopBar plugin cross-site request forgery vulnerability

WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...

4.3CVSS6.8AI score0.00156EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/10/16 8:33 a.m.6 views

CVE-2025-10300

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

4.3CVSS5.2AI score0.00156EPSS
Exploits0References1
nvd
nvd
added 2025/10/15 9:15 a.m.7 views

CVE-2025-10300

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

4.3CVSS0.00156EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/10/15 12:0 a.m.7 views

WordPress plugin TopBar 跨站请求伪造漏洞

WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...

4.3CVSS6.7AI score0.00156EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29786

Malware in sbrugna...

3.8CVSS4.5AI score0.01177EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-32022

Malicious code in bioql PyPI...

8.4CVSS8.4AI score0.00825EPSS
Exploits1References2
osv
osv
added 2025/06/27 9:15 p.m.5 views

CVE-2025-6778

A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/savesettings.php. The manipulation of the argument sitephone/siteemail/address leads to cross site scripting. It is possible to launch the...

4.8CVSS3.8AI score0.00324EPSS
Exploits1References8
cve
cve
added 2025/06/27 8:31 p.m.25 views

CVE-2025-6778

CVE-2025-6778 affects code-projects Food Distributor Site 1.0. The vulnerability is an XSS in an unknown function of /admin/save_settings.php, triggered by manipulating the arguments site_phone, site_email, or address. It can be exploited remotely, and multiple sources indicate the exploit has be...

4.8CVSS3.6AI score0.00324EPSS
Exploits1References8Affected Software1
cnnvd
cnnvd
added 2025/06/27 12:0 a.m.6 views

Code-Projects Food Distributor Site 代码注入漏洞

Code-Projects Food Distributor Site is a Code-Projects open source food distributor site. A code injection vulnerability exists in Code-Projects Food Distributor Site version 1.0, which originates from cross-site scripting due to incorrect operation of the parameters sitephone/siteemail/address i...

4.8CVSS4.2AI score0.00324EPSS
Exploits1References9
cnvd
cnvd
added 2025/06/11 12:0 a.m.3 views

Traffic Offense Reporting System save-settings.php file cross-site scripting vulnerability

Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the sitename parameter in the save-settings.php file...

5.4CVSS6.4AI score0.00268EPSS
Exploits1References1
osv
osv
added 2025/06/05 2:15 p.m.5 views

CVE-2025-5661

A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...

5.4CVSS3.7AI score0.00268EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2025/06/05 1:31 p.m.9 views

CVE-2025-5661 code-projects Traffic Offense Reporting System Setting save-settings.php cross site scripting

A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. It is...

4.8CVSS6.2AI score0.00268EPSS
Exploits1References5
cve
cve
added 2025/06/05 1:31 p.m.63 views

CVE-2025-5661

CVE-2025-5661 affects code-projects Traffic Offense Reporting System 1.0, specifically the Setting Handler’s save-settings.php. The vulnerability arises from improper handling of the site_name (or “site name”) parameter, leading to cross-site scripting (XSS). It can be exploited remotely, and pub...

5.4CVSS3.3AI score0.00268EPSS
Exploits1References5Affected Software1
redhatcve
redhatcve
added 2025/05/23 9:38 a.m.9 views

CVE-2024-27559

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery CSRF via the component /savesettings.php...

6.3CVSS7.5AI score0.00225EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 9:4 a.m.4 views

CVE-2024-7285

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=savesettings. The manipulation of the argument name leads to cross site scripting. The attack can ...

5.4CVSS6AI score0.00447EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 5:31 a.m.7 views

CVE-2023-3408

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

4.3CVSS5.6AI score0.00227EPSS
Exploits0References1
Rows per page
Query Builder