Lucene search
+L

512 matches found

vulnrichment
vulnrichment
added 2024/11/09 3:17 a.m.11 views

CVE-2024-10673 Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS8AI score0.01146EPSS
Exploits2References2
patchstack
patchstack
added 2024/11/08 10:40 p.m.7 views

WordPress Top Store theme <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation vulnerability

Authenticated Subscriber+ Arbitrary Plugin Installation/Activation vulnerability discovered by WordFence in WordPress Theme Top Store versions = 1.5.4...

8.8CVSS7.1AI score0.01146EPSS
Exploits2References1Affected Software1
nvd
nvd
added 2024/10/18 8:15 a.m.19 views

CVE-2024-10079

The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajaximportcontent' function. This allows authenticated attackers, with subscriber-level permissions an...

8.8CVSS0.00779EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/08/08 12:0 a.m.5 views

WordPress theme News Flash 安全漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme News Flash version 1.1.0 and earlier...

7.2CVSS6.5AI score0.0062EPSS
Exploits0References3
patchstack
patchstack
added 2024/07/18 1:3 a.m.4 views

WordPress Zenon Lite theme <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Zenon Lite versions = 1.9...

6.4CVSS5.8AI score0.00302EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/06/29 12:0 a.m.10 views

PT-2024-12862 · WordPress · Goya Theme For Wordpress

Name of the Vulnerable Software and Affected Versions: Goya theme for WordPress versions up to, and including, 1.0.8.7 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject...

6.1CVSS6AI score0.00367EPSS
Exploits0References5
patchstack
patchstack
added 2024/06/20 8:49 a.m.5 views

WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Education Zone versions = 1.3.4...

4.3CVSS7AI score0.0018EPSS
Exploits0Affected Software1
attackerkb
attackerkb
added 2024/05/14 12:0 a.m.30 views

CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the ‘portoajaxposts’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

9.8CVSS7.9AI score0.02687EPSS
In wildExploits0References3
attackerkb
attackerkb
added 2024/05/14 12:0 a.m.35 views

CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘portopageheadershortcodetype’, ‘slideshowtype’ and ‘postlayout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

8.8CVSS7.6AI score0.01538EPSS
In wildExploits0References3
cnnvd
cnnvd
added 2024/05/14 12:0 a.m.6 views

WordPress Theme Porto 安全漏洞

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Porto version 3.0.9 and earlier versions...

8.8CVSS6AI score0.01002EPSS
Exploits0References4
patchstack
patchstack
added 2024/05/07 9:19 a.m.5 views

WordPress Stockholm theme <= 9.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Stockholm versions = 9.6...

8.8CVSS7AI score0.00514EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2024/05/02 12:0 a.m.11 views

PT-2024-26351 · WordPress · Phlox

Name of the Vulnerable Software and Affected Versions: Shortcodes and extra features for Phlox theme plugin for WordPress versions up to, and including, 2.15.5 Description: The issue is related to Stored Cross-Site Scripting via the Accordion Widget due to insufficient input sanitization and outp...

6.4CVSS5.7AI score0.00531EPSS
Exploits0References6
patchstack
patchstack
added 2024/04/22 12:50 p.m.5 views

WordPress Royal Elementor Kit theme <= 1.0.116 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Royal Elementor Kit versions = 1.0.116...

4.3CVSS7AI score0.002EPSS
Exploits0Affected Software1
euvd
euvd
added 2024/04/16 9:32 a.m.4 views

EUVD-2024-32435

The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...

6.1CVSS6AI score0.00818EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2024/04/16 12:0 a.m.16 views

Shortcodes and extra features for Phlox theme <= 2.15.2 - Subscriber+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxintemplatecontrolimporter' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inje...

7.5CVSS7.1AI score0.00869EPSS
Exploits0References1
osv
osv
added 2024/04/09 7:15 p.m.6 views

AZL-43182 CVE-2024-1984 affecting package graphene 1.10.8-1

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source...

5.3CVSS5.7AI score0.00523EPSS
Exploits0References1
cvelist
cvelist
added 2024/04/09 6:59 p.m.30 views

CVE-2024-2344 Avada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entry

The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticted...

7.2CVSS7.3AI score0.00828EPSS
Exploits1References3
wpvulndb
wpvulndb
added 2024/03/04 12:0 a.m.15 views

Vimeography < 2.3.3 - Contributor+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP...

8.8CVSS9.2AI score0.00893EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/02/28 12:0 a.m.13 views

WordPress Theme Yuki Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.8AI score0.0021EPSS
Exploits0References3
wpvulndb
wpvulndb
added 2024/01/12 12:0 a.m.23 views

HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection

Description The HTML5 SoundCloud Player with Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.8.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inje...

9.1CVSS7.4AI score0.00618EPSS
Exploits0References1
Rows per page
Query Builder