Lucene search
K

32 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42844

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS6.1AI score0.00294EPSS
Exploits0References7
Patchstack
Patchstack
added 6 days ago4 views

WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.6 - Missing Authorization to Authenticated (Subscriber+) Scan Schedule Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Scan Schedule Modification vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.6...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/18 8:16 a.m.15 views

CVE-2026-12136

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/18 6:50 a.m.12 views

EUVD-2026-37859

The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...

6.4CVSS5.5AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.11 views

CVE-2026-8502

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'returntype' parameter. This makes it possible for unauthenticated attackers to extract sensitive data...

5.3CVSS5.5AI score0.00353EPSS
Exploits0References15
NVD
NVD
added 2026/06/01 3:16 p.m.17 views

CVE-2026-48865

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...

7.1CVSS0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 2:58 p.m.6 views

CVE-2025-71242 SPIP < 4.3.6 Authorization Bypass Leading to Content Disclosure

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections rubriques in AJAX-loaded fragments, allowing an authenticated attacker to access restricted...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/02/19 2:58 p.m.5 views

CVE-2025-71241

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

6.1CVSS5.3AI score0.002EPSS
Exploits0
EUVD
EUVD
added 2026/01/15 12:31 a.m.5 views

EUVD-2024-30262

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6...

9.8CVSS8.9AI score0.00647EPSS
Exploits0References2
Fedora
Fedora
added 2025/12/27 12:42 a.m.6 views

[SECURITY] Fedora 43 Update: singularity-ce-4.3.6-1.fc43

SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure...

6.6CVSS6.9AI score0.00121EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-32465

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00623EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-35398

Malicious code in bioql PyPI...

4.4CVSS6.6AI score0.00244EPSS
Exploits0References1
OSV
OSV
added 2025/09/03 7:15 a.m.3 views

CVE-2024-32444

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6...

9.8CVSS5.8AI score0.00647EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:14 a.m.6 views

CVE-2024-35637

Server-Side Request Forgery SSRF vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.3.6...

4.4CVSS5.9AI score0.00244EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/25 12:0 a.m.14 views

WordPress Popup box Plugin <= 4.3.6 is vulnerable to Broken Access Control

Software Popup box Type Plugin Vulnerable versions = 4.3.6 Fixed in 4.3.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3897 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a8831019ec23 Credits Krzysztof Zając Required privilege...

5.3CVSS6.6AI score0.00623EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/12/26 12:0 a.m.5 views

WordPress Plugin Paytium 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

4.8CVSS5AI score0.0047EPSS
Exploits2References2
OSV
OSV
added 2020/12/31 5:15 p.m.2 views

CVE-2018-19945

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...

9.1CVSS5.9AI score0.0111EPSS
Exploits0References1
Prion
Prion
added 2020/12/08 10:15 p.m.17 views

Code injection

Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability Regular Expression Denial of Service when using ignoreEmpty option when parsing. This has been patched in v4.3.6 You will...

3.5CVSS6.4AI score0.01518EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 7:39 p.m.69 views

Remote Memory Exposure in mongoose

Versions of mongoose before 4.3.6, 3.8.39 are vulnerable to remote memory exposure. Trying to save a number to a field of type Buffer on the affected mongoose versions allocates a chunk of uninitialized memory and stores it in the database. Recommendation Update to version 4.3.6, 3.8.39 or later...

3.9AI score
Exploits0References5Affected Software1
Fedora
Fedora
added 2019/12/13 1:4 a.m.54 views

[SECURITY] Fedora 30 Update: dhcp-4.3.6-38.fc30

DHCP Dynamic Host Configuration Protocol...

7.5CVSS0.8AI score0.04022EPSS
Exploits0
Rows per page
Query Builder