Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2024/12/06 12:0 a.m.4 views

PT-2024-30386 · WordPress · Sweet Date

Name of the Vulnerable Software and Affected Versions: Sweet Date versions 3.7.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Sweet Date WordPress theme, which could expose thousands of sites to potential takeovers. This vulnerability may allow...

9.8CVSS9.2AI score0.0076EPSS
Exploits0References12
Prion
Prion
added 2024/02/05 10:15 p.m.30 views

Directory traversal

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

5.8CVSS6.8AI score0.01312EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.33 views

CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead ...

9.1CVSS9.1AI score0.01312EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.14 views

CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion

Description The CataBlog plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access or higher to delete arbitrary files on the affected site's server which may make site takeover...

6.8AI score0.00519EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2022/01/21 6:19 p.m.33 views

20K WordPress Sites Exposed by Insecure Plugin REST-API

More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting XSS bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails. The new vulnerability...

8.3CVSS6.7AI score0.70511EPSS
Exploits3References6
ThreatPost
ThreatPost
added 2020/10/05 9:11 p.m.215 views

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, opens the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid’s sister plug-in, Team Showcase, which has 6,000 installations. The issues...

10AI score0.26869EPSS
Exploits0References10
Rows per page
Query Builder