Lucene search
+L

125 matches found

NVD
NVD
added 2026/06/30 6:16 a.m.11 views

CVE-2026-12349

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

5.3CVSS0.00239EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/30 4:30 a.m.7 views

CVE-2026-12349

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/30 4:30 a.m.7 views

EUVD-2026-40252

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References6
CVE
CVE
added 2026/06/30 4:30 a.m.20 views

CVE-2026-12349

The CVE-2026-12349 entry concerns the WordPress plugin Premium Addons for KingComposer (versions up to and including 1.1.1). It describes missing authorization and capability checks on two AJAX handlers, add_custom_sidebar() and remove_custom_sidebar(), which are exposed via wp_ajax_nopriv_* and ...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53810

Name of the Vulnerable Software and Affected Versions Premium Addons for KingComposer versions prior to 1.1.2 Description Missing authorization and capability checks in the add custom sidebar and remove custom sidebar AJAX handlers allow unauthenticated attackers to modify or delete data. These...

5.3CVSS6AI score0.00239EPSS
Exploits0References12
OSV
OSV
added 2026/05/06 10:22 p.m.4 views

GHSA-95Q8-X6R6-672M Lemmy may expose private community data through community, saved, liked, and modlog API views

NOTE: Only affects development version. Summary Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...

5.3CVSS5.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:34 a.m.8 views

CVE-2017-18510

The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions...

8.8CVSS7AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.8 views

CVE-2017-18511

The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF...

8.8CVSS7.1AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.14 views

CVE-2023-31091

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pradeep Singh Dynamically Register Sidebars plugin = 1.0.1 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 11:6 a.m.8 views

CVE-2025-69007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

5.9CVSS6AI score0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 12:30 p.m.6 views

EUVD-2025-205736

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

5.9CVSS5.5AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2025/12/30 11:15 a.m.6 views

CVE-2025-69007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

5.9CVSS0.00172EPSS
Exploits0References1
CVE
CVE
added 2025/12/30 10:47 a.m.12 views

CVE-2025-69007

Technical details for CVE-2025-69007 are not provided in the connected documents. No vendor/product/version/impact/fix specifics are available beyond the initial description. Monitor for updates.

5.9CVSS5.6AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/30 10:47 a.m.44 views

CVE-2025-69007 WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

5.9CVSS0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.8 views

PT-2025-53889

Name of the Vulnerable Software and Affected Versions OTWthemes Popping Sidebars and Widgets Light versions through 1.27 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This issue could...

5.9CVSS6AI score0.00172EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.4 views

WordPress plugin Popping Sidebars and Widgets Light 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.9CVSS5.4AI score0.00172EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/26 6:43 a.m.11 views

WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...

5.9CVSS6.1AI score0.00172EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.7 views

CVE-2025-62733

Cross-Site Request Forgery CSRF vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery.This issue affects Custom Sidebars by ProteusThemes: from n/a through = 1.0.3...

4.3CVSS6.9AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-202027

Cross-Site Request Forgery CSRF vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery.This issue affects Custom Sidebars by ProteusThemes: from n/a through = 1.0.3...

6.3AI score0.00111EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.3 views

CVE-2025-62733

Cross-Site Request Forgery CSRF vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery.This issue affects Custom Sidebars by ProteusThemes: from n/a through = 1.0.3...

4.3CVSS0.00111EPSS
Exploits0References1
Rows per page
Query Builder