673 matches found

RedhatCVE
added 2025/05/17 2:13 a.m. · 18 views

CVE-2025-4579

The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2 CVSS · 6.1 AI score · 0.00301 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/05/15 1:59 a.m. · 5 views

CVE-2025-4579 WP Content Security Plugin <= 2.3 - Unauthenticated Stored Cross-Site Scripting via CSP-Report Fields

The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2 CVSS · 6.1 AI score · 0.00301 EPSS
Exploits 0 · References 4

CNNVD
added 2025/05/15 12:0 a.m. · 2 views

WordPress plugin WP Content Security Plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...

7.2 CVSS · 7 AI score · 0.00301 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/05/15 12:0 a.m. · 3 views

PT-2025-21256 · WordPress · Wp Content Security Plugin

Name of the Vulnerable Software and Affected Versions: WP Content Security Plugin versions up to, and including, 2.3. Description: The WP Content Security Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters due to insufficient...

7.2 CVSS · 7 AI score · 0.00301 EPSS
Exploits 0 · References 10

The Hacker News
added 2025/05/01 3:47 p.m. · 56 views

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execut...

7.7 AI score
Exploits 0

OSSF Malicious Packages
added 2025/04/17 4:17 a.m. · 7 views

Malicious code in talsec-react-native-security-plugin (npm)

Source: ghsa-malware (68ab8661116d9ec30b2582ba0a9547684e8ad10024bae79f2b4094e5ea0937d3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3

Positive Technologies
added 2025/04/08 12:0 a.m. · 5 views

PT-2025-15423 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3; Shopware versions prior to 6.5.8.17. Description: The issue allows an attacker to cause a Denial of Service by passing long passwords via forms in Storefront forms or Store-API. Recommendations: For versions...

7.5 CVSS · 6.4 AI score · 0.00365 EPSS
Exploits 0 · References 11

Positive Technologies
added 2025/04/08 12:0 a.m. · 3 views

PT-2025-15894 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.6.10.3; Shopware versions prior to 6.5.8.17. Description: The Shopware application API contains a search functionality that enables users to search through information stored within their Shopware instance. The...

7.3 CVSS · 6.8 AI score · 0.11315 EPSS
Exploits 1 · References 24

RedHat Linux
added 2025/03/04 2:40 p.m. · 5 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3 CVSS · 5.8 AI score · 0.0036 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/02/05 9:39 p.m. · 8 views

CVE-2022-24879

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7....

7.5 CVSS · 6.8 AI score · 0.00565 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 7:29 p.m. · 8 views

CVE-2022-0993

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and...

9.8 CVSS · 7.2 AI score · 0.07467 EPSS
Exploits 2 · References 1

RedhatCVE
added 2025/02/05 1:41 p.m. · 28 views

CVE-2020-13574

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

7.5 CVSS · 6.4 AI score · 0.03023 EPSS
Exploits 1

RedhatCVE
added 2025/02/04 11:39 p.m. · 17 views

CVE-2024-22408

Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fix...

8.1 CVSS · 6.9 AI score · 0.00366 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/30 12:0 a.m. · 4 views

WordPress plugin W2S security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.5 CVSS · 8.8 AI score · 0.00341 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/01/22 2:29 p.m. · 7 views

CVE-2025-23611 WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WH Cache & Security allows Reflected XSS. This issue affects WH Cache & Security: from n/a through 1.1.2...

7.1 CVSS · 6.9 AI score · 0.00378 EPSS
Exploits 0 · References 1

Patchstack
added 2025/01/16 6:41 p.m. · 8 views

WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin WH Cache & Security versions <= 1.1.2...

7.1 CVSS · 6.1 AI score · 0.00378 EPSS
Exploits 0 · Affected Software 1

Vulnrichment
added 2025/01/07 10:49 a.m. · 5 views

CVE-2024-49222 WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection. This issue affects WPGuppy: from n/a through 1.1.0...

9.8 CVSS · 6.9 AI score · 0.0049 EPSS
Exploits 0 · References 1

Patchstack
added 2024/11/25 12:0 a.m. · 12 views

WordPress Security & Malware scan by CleanTalk Plugin <= 2.145 is vulnerable to SQL Injection

Software: Security & Malware scan by CleanTalk; Type: Plugin; Vulnerable versions: <= 2.145; Fixed in: 2.145.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-10570; Patch priority: High; CVSS severity: High (9.3); Developer: Claim ownership; PSID: ceade72368ed; Credits: mikemyers; Required...

7.5 CVSS · 6.8 AI score · 0.00544 EPSS
Exploits 0 · References 3 · Affected Software 1

Github Security Blog
added 2024/11/13 9:30 p.m. · 16 views

Missing permission check in Jenkins Script Security Plugin

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...

4.3 CVSS · 6.8 AI score · 0.0036 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/11/13 9:30 p.m. · 9 views

GHSA-JV82-75FH-23R7 Missing permission check in Jenkins Script Security Plugin

Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the...

4.3 CVSS · 4.6 AI score · 0.0036 EPSS
Exploits 0 · References 3