
9 matches found

EUVD
added 2026/05/06 12:30 p.m. · 6 views

EUVD-2026-27548

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

CVSS 7.5 · AI score 5.9 · EPSS 0.00336
Exploits: 0 · References: 3

Patchstack
added 2026/04/10 12:22 p.m. · 5 views

WordPress Perfmatters plugin <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability

Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter vulnerability discovered by hoshino in WordPress Plugin Perfmatters versions <= 2.5.9...

CVSS 8.1 · AI score 5.8 · EPSS 0.00408
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2026/04/10 1:24 a.m. · 3 views

CVE-2026-4351 Perfmatters <= 2.5.9 - Authenticated (Subscriber+) Arbitrary File Overwrite via 'snippets' Parameter

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

CVSS 8.1 · AI score 5.9 · EPSS 0.00408
Exploits: 0 · References: 2

Patchstack
added 2025/12/31 12:43 p.m. · 7 views

WordPress Page Title Splitter plugin <= 2.5.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Page Title Splitter versions <= 2.5.9...

CVSS 6.5 · AI score 5.7 · EPSS 0.0013
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/11/01 12:0 a.m. · 5 views

PT-2025-44710

Name of the Vulnerable Software and Affected Versions: WP Discourse plugin for WordPress versions through 2.5.9. Description: The WP Discourse plugin for WordPress is susceptible to information disclosure. The plugin unconditionally transmits Discourse API credentials Api-Key and Api-Username header...

CVSS 4.3 · AI score 6 · EPSS 0.00245
Exploits: 0 · References: 11

Positive Technologies
added 2024/10/10 12:0 a.m. · 6 views

PT-2024-32694 · Eyecix · Eyecix Jobsearch

Name of the Vulnerable Software and Affected Versions: Eyecix JobSearch versions n/a through 2.5.9. Description: The issue is related to Deserialization of Untrusted Data, allowing Object Injection in Eyecix JobSearch. This enables potential remote attacks on affected systems. Recommendations: For...

CVSS 9.8 · AI score 7.5 · EPSS 0.00543
Exploits: 0 · References: 10

Github Security Blog
added 2022/05/13 1:12 a.m. · 23 views

Moodle allows attackers to obtain sensitive information

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

CVSS 4 · AI score 5.9 · EPSS 0.01687
Exploits: 0 · References: 9 · Affected Software: 1

Positive Technologies
added 2020/10/01 12:0 a.m. · 4 views

PT-2020-5675 · Ruby +9 · Ruby +10

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.5.9; Ruby versions 2.6.x through 2.6.6; Ruby versions 2.7.x through 2.7.1. Description: The issue is related to the WEBrick library in Ruby, which has a problem with incorrect checking of the header value. This can...

CVSS 8.1 · AI score 6.8 · EPSS 0.06811
Exploits: 4 · References: 183

Debian
added 2005/09/30 5:23 a.m. · 30 views

[SECURITY] [DSA 828-1] New squid packages fix denial of service

Debian Security Advisory DSA 828-1 · [email protected] · http://www.debian.org/security/ · Martin Schulze · September 30th, 2005 · http://www.debian.org/security/faq -...

CVSS 5 · AI score 6.1 · EPSS 0.03404
Exploits: 0