Lucene search
+L

41 matches found

NVD
NVD
added 2024/07/13 6:15 a.m.39 views

CVE-2024-5034

The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS0.00359EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.23 views

CVE-2024-5151 SULly < 4.3.1 - Admin+ Stored XSS

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00387EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.36 views

CVE-2024-5151 SULly < 4.3.1 - Admin+ Stored XSS

The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00387EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.63 views

CVE-2024-5151

The CVE-2024-5151 entry concerns the SULly WordPress plugin prior to version 4.3.1. The vulnerability is a Stored XSS caused by insufficient sanitization/escaping of plugin settings, potentially allowing high-privilege users (e.g., administrators) to inject scripts even when unfiltered_html is di...

7.1CVSS6.2AI score0.00387EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.13 views

CVE-2024-5034 SULly < 4.3.1 - Plugin Reset via CSRF

The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.8AI score0.00359EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.37 views

CVE-2024-5034 SULly < 4.3.1 - Plugin Reset via CSRF

The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

0.00359EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.49 views

CVE-2024-5033

The CVE-2024-5033 entry concerns the SULly WordPress plugin prior to version 4.3.1, which lacks CSRF checks and proper sanitization/escaping, enabling a logged-in admin to inject Stored XSS payloads via a CSRF attack. Red Hat and Patchstack entries corroborate the vulnerability description and no...

5.9CVSS5.8AI score0.00209EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/07/13 6:0 a.m.48 views

CVE-2024-5034

CVE-2024-5034 affects the SULly WordPress plugin prior to 4.3.1. The issue is a lack of CSRF checks in several actions, enabling CSRF-based actions by logged-in users. The documented impact is high: CVSS v3.1 base score 8.8 (HIGH) with network attack vector, no privileges, user interaction requir...

8.8CVSS8.7AI score0.00359EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.14 views

CVE-2024-5033 SULly < 4.3.1 - Admin+ Stored XSS via CSRF

The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.9AI score0.00209EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.35 views

CVE-2024-5033 SULly < 4.3.1 - Admin+ Stored XSS via CSRF

The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00209EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/13 6:0 a.m.11 views

CVE-2024-5032 SULly < 4.3.1 - Reflected XSS

The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00489EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/13 6:0 a.m.24 views

CVE-2024-5032 SULly < 4.3.1 - Reflected XSS

The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00489EPSS
Exploits1References1
CVE
CVE
added 2024/07/13 6:0 a.m.48 views

CVE-2024-5032

CVE-2024-5032 - SULly WordPress plugin : Versions prior to 4.3.1 do not sanitize/escape a parameter before echoing it on the page, causing a Reflected XSS that could affect high-privilege users (e.g., admins). The issue is fixed in 4.3.1; upgrade to 4.3.1 or later. If upgrading, test compatibility.

4.7CVSS4.9AI score0.00489EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/07/13 12:0 a.m.3 views

WordPress plugin SULly security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.9CVSS6.8AI score0.00209EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.6 views

PT-2024-34143 · WordPress · Sully

Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue concerns a lack of CSRF check in certain areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via...

5.9CVSS5.5AI score0.00209EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/07/13 12:0 a.m.6 views

WordPress plugin SULly security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.7CVSS6.2AI score0.00489EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.8 views

PT-2024-34135 · WordPress · Sully

Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This...

4.7CVSS5.8AI score0.00489EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.7 views

PT-2024-34150 · WordPress · Sully

Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unintended actions through CSRF attacks...

8.8CVSS6.2AI score0.00359EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/07/13 12:0 a.m.6 views

WordPress plugin SULly security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.1CVSS6.1AI score0.00387EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/07/13 12:0 a.m.6 views

WordPress plugin SULly security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.8AI score0.00359EPSS
Exploits1References2
Rows per page
Query Builder