Lucene search
K

181 matches found

Nuclei
Nuclei
added 18 hours ago35 views

Podcast Channels < 0.28 - Cross-Site Scripting

The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...

6.1CVSS6.4AI score0.03779EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago25 views

WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting

A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter. id: CVE-2014-4558 info: name: WooCommerce Swipe = 2.7.1 - Cross-Site...

6.1CVSS6.5AI score0.04055EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago24 views

WP Planet <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in rss.class/scripts/magpiedebug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-4592 info: name: WP Planet = 0.1 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.03884EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago31 views

Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting

The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability. id: CVE-2014-4561 info: name: Ultimate Weather Plugin = 1.0 - Cross-Site Scripting author: daffainfo severity: medium description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site...

6.1CVSS6.4AI score0.03686EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago26 views

Import Legacy Media <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...

6.1CVSS6.5AI score0.03983EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago109 views

Gradio 4.3-4.12 - Local File Read

Local file read by calling arbitrary methods of Components class between Gradio versions 4.3-4.12 id: CVE-2024-1561 info: name: Gradio 4.3-4.12 - Local File Read author: nvn1729,Diablo severity: high description: | Local file read by calling arbitrary methods of Components class between Gradio...

7.5CVSS7AI score0.09239EPSS
Exploits4References6
Nuclei
Nuclei
added 18 hours ago96 views

SupportCandy < 3.1.5 - Unauthenticated SQL Injection

The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. id: CVE-2023-1730 info: name: SupportCandy 3.1.5 - Unauthenticated SQL Injection author:...

9.8CVSS7.1AI score0.40586EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago72 views

PMB 7.4.6 - Cross-Site Scripting

PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/exportz3950new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticatio...

6.1CVSS6.5AI score0.01169EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago60 views

WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion

WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the libpath parameter before being passed into a call to require via the narnoodistributorlibrequest AJAX action, and the content of the file is displayed in the...

9.8CVSS7.4AI score0.4783EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago132 views

WordPress VR Calendar <=2.3.2 - Remote Code Execution

WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without...

9.8CVSS7.4AI score0.12442EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago67 views

WordPress Directorist <7.3.1 - Information Disclosure

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. id: CVE-2022-2376 info: name: WordPress Directorist 7.3.1 - Information Disclosure...

5.3CVSS6.2AI score0.01408EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago43 views

microweber 1.2.18 - Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber prior to 1.2.18. id: CVE-2022-2174 info: name: microweber 1.2.18 - Cross-site Scripting author: r3Y3r53 severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber...

6.5CVSS6.6AI score0.02811EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago39 views

Squidex <7.4.0 - Cross-Site Scripting

Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2023-24278 info: name: Squidex 7.4....

6.1CVSS6.4AI score0.02908EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago101 views

WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection

WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edddownloadsearch action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.11172EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago113 views

WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery

WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.1AI score0.37673EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago66 views

Welcart eCommerce <=2.7.7 - Local File Inclusion

Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...

9.8CVSS7AI score0.05116EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago35 views

WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting

WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affecte...

6.1CVSS6.5AI score0.00902EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago62 views

Stock Ticker <= 3.23.2 - Cross-Site-Scripting

The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajaxstocktickersymbolsearchtest function in versions up to, and including, 3.23.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.9AI score0.49315EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago76 views

WordPress User Post Gallery <=2.19 - Remote Code Execution

WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a...

9.8CVSS7.2AI score0.42723EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago52 views

Jira Netic Group Export <1.0.3 - Missing Authorization

Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexportdownload=true request to a...

5.3CVSS6.3AI score0.2568EPSS
Exploits1References5
Rows per page
Query Builder