Lucene search
+L

3901 matches found

OSV
OSV
added 2022/11/18 11:15 p.m.3 views

CVE-2022-41655

Auth. subscriber+ Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin = 3.7.1 on WordPress...

6.5CVSS5.8AI score0.00591EPSS
Exploits0References2
OSV
OSV
added 2022/11/18 11:15 p.m.3 views

CVE-2022-40130

Auth. subscriber+ Race Condition vulnerability in WP-Polls plugin = 2.76.0 on WordPress...

3.1CVSS5.8AI score0.00382EPSS
Exploits0References2
OSV
OSV
added 2022/11/18 11:15 p.m.3 views

CVE-2022-40216

Auth. subscriber+ Messaging Block Bypass vulnerability in Better Messages plugin = 1.9.10.69 on WordPress...

6.5CVSS5.8AI score0.00447EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/18 12:0 a.m.15 views

PT-2022-25983 · Unknown · Bp Better Messages

Name of the Vulnerable Software and Affected Versions: Better Messages plugin version 1.9.10.68 Description: The issue is related to an Authenticated Server-Side Request Forgery SSRF vulnerability. This means that an attacker could potentially forge requests to internal or external services, but...

8.8CVSS8.4AI score0.00535EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/18 12:0 a.m.6 views

PT-2022-26073 · WordPress · Soledad

Name of the Vulnerable Software and Affected Versions: Soledad premium theme version 8.2.5 and earlier Description: A Cross-Site Scripting XSS issue affects the Soledad premium theme on WordPress, specifically for users with subscriber or higher authentication. This issue allows for malicious...

5.4CVSS5.2AI score0.00397EPSS
Exploits0References4
OSV
OSV
added 2022/11/17 10:15 p.m.6 views

CVE-2022-38461

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin = 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings selected language for legacy widgets, the default behavior for media content...

4.3CVSS5.8AI score0.00503EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.8 views

PT-2022-24416 · WordPress · Wpml Multilingual Cms

Name of the Vulnerable Software and Affected Versions: WPML Multilingual CMS premium plugin versions = 4.5.10 Description: The issue allows users with a subscriber or higher user role to change plugin settings, including the selected language for legacy widgets and the default behavior for media...

5.4CVSS4.8AI score0.00503EPSS
Exploits0References4
OSV
OSV
added 2022/11/08 7:15 p.m.3 views

CVE-2022-40206

Insecure direct object references IDOR vulnerability in the wpForo Forum plugin = 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public...

4.3CVSS5.8AI score0.00455EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.5 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.3CVSS5.2AI score0.00455EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/07 12:0 a.m.8 views

CVE-2022-3536 Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...

6.8AI score0.00511EPSS
Exploits2References1
OSV
OSV
added 2022/10/28 7:15 p.m.3 views

CVE-2022-3401

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...

8.8CVSS6.2AI score0.01556EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/10/28 7:15 p.m.2 views

CVE-2022-3401

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...

8.8CVSS7.4AI score0.01556EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2022/09/23 4:15 p.m.8 views

CVE-2022-38134

Authenticated subscriber+ Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin = 5.3.5 at WordPress...

8.8CVSS5.8AI score0.00796EPSS
Exploits0References2
OSV
OSV
added 2022/09/09 3:15 p.m.5 views

CVE-2022-38058

Authenticated subscriber+ Plugin Setting change vulnerability in WP Shamsi plugin = 4.1.1 at WordPress...

4.3CVSS5.8AI score0.00538EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/23 12:0 a.m.6 views

PT-2022-21707 · WordPress · Wordplus Better Messages

Name of the Vulnerable Software and Affected Versions: WordPlus WordPress Better Messages plugin versions = 1.9.10.57 Description: The issue is an authenticated Denial Of Service DoS vulnerability. This means that an attacker who has subscriber-level access or higher can exploit this issue to cau...

7.7CVSS6.3AI score0.00871EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/08 12:0 a.m.15 views

PT-2022-13797 · WordPress · Discy

Name of the Vulnerable Software and Affected Versions: Discy WordPress theme versions prior to 5.0 Description: The issue allows any logged-in users, with privileges as low as Subscriber, to change theme options by sending a crafted POST request to the "discy update options" action due to a lack ...

6.5CVSS6.4AI score0.00645EPSS
Exploits2References5
OSV
OSV
added 2022/08/01 1:15 p.m.7 views

CVE-2022-2369

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin...

4.3CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2022/05/02 8:15 p.m.6 views

CVE-2022-29444

Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...

5.4CVSS5.9AI score0.00538EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2022/05/02 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-29444

Plugin Settings Change leading to Cross-Site Scripting XSS vulnerability in Cloudways Breeze plugin = 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of...

6.5CVSS6.2AI score0.00538EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/04 4:15 p.m.7 views

CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues CVE-2021-32682, and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users,...

8.1CVSS7.7AI score0.01231EPSS
Exploits2References2
Rows per page
Query Builder