
7 matches found

NVD
added 2025/06/10 4:15 a.m. · 13 views

CVE-2025-4601

The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiryupdateprofile function. This makes it possible for...

CVSS 8.8 · EPSS 0.04474
Exploits: 1 · References: 2
RedhatCVE
added 2025/04/27 12:5 p.m. · 17 views

CVE-2025-2470

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

CVSS 9.8 · AI score 7.4 · EPSS 0.00388
Exploits: 0 · References: 1
NVD
added 2025/04/25 12:15 p.m. · 9 views

CVE-2025-2470

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

CVSS 9.8 · EPSS 0.00388
Exploits: 0 · References: 2
Positive Technologies
added 2024/07/13 12:0 a.m. · 3 views

PT-2024-28566 · WordPress · Giveaways/Contests By Rafflepress

Name of the Vulnerable Software and Affected Versions: Giveaways and Contests by RafflePress WordPress plugin versions prior to 1.12.14 Description: The issue concerns a lack of sanitization and escaping of certain parameters, potentially allowing users with a role as low as editor to perform...

CVSS 6.5 · AI score 6 · EPSS 0.00477
Exploits: 1 · References: 6
Positive Technologies
added 2023/02/13 12:0 a.m. · 5 views

PT-2023-16123 · WordPress · Wp Yelp Review Slider

Name of the Vulnerable Software and Affected Versions: WP Yelp Review Slider WordPress plugin versions prior to 7.1 Description: The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter before it is used in a SQL statement. This can be exploited...

CVSS 8.8 · AI score 8.8 · EPSS 0.00919
Exploits: 1 · References: 4
Positive Technologies
added 2022/12/19 12:0 a.m. · 3 views

PT-2022-24936 · WordPress · Easy Video Player

Name of the Vulnerable Software and Affected Versions: Easy Video Player WordPress plugin versions prior to 1.2.2.3 Description: The issue allows users with a role as low as Contributor to perform Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some parameters...

CVSS 5.4 · AI score 5.3 · EPSS 0.00507
Exploits: 2 · References: 4
Positive Technologies
added 2022/10/25 12:0 a.m. · 5 views

PT-2022-21926 · WordPress · Wp All Export Pro

Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not...

CVSS 7.2 · AI score 7.3 · EPSS 0.01307
Exploits: 2 · References: 4