Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/12 1:43 p.m.7 views

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

4.3CVSS5.4AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-11932

Malicious code in bioql PyPI...

7.2CVSS8.7AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.12 views

CVE-2024-9221

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS6.4AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 5:15 a.m.6 views

CVE-2024-13820

The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.11 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information...

5.3CVSS0.00359EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/20 8:25 a.m.8 views

CVE-2024-11376

The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 241114...

6.1CVSS6.3AI score0.00397EPSS
Exploits0References1
NVD
NVD
added 2025/02/19 8:15 a.m.4 views

CVE-2024-12339

The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘channel' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS0.00411EPSS
Exploits0References3
Rows per page
Query Builder