
8 matches found

CNNVD
added 2026/01/22 12:0 a.m. · 8 views

WordPress plugin Grand Magazine has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1 CVSS · 5.3 AI score · 0.00175 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/12/11 12:58 a.m. · 26 views

CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path

Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...

8.7 CVSS · 0.00287 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/09/04 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-10188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz...

4.3 CVSS · 5.5 AI score · 0.00888 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/01/24 12:0 a.m. · 4 views

PT-2025-5430 · Speedcomp · Speedcomp Linet Erp-Woocommerce Integration

Name of the Vulnerable Software and Affected Versions: Speedcomp Linet ERP-Woocommerce Integration versions 3.5.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations:...

6.5 CVSS · 7.2 AI score · 0.00496 EPSS
Exploits: 0 · References: 3
OSV
added 2024/04/15 8:15 a.m. · 4 views

CVE-2024-32087

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google. This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7...

7.2 CVSS · 5.8 AI score · 0.00574 EPSS
Exploits: 0 · References: 1
Cvelist
added 2023/07/01 4:26 a.m. · 22 views

CVE-2020-36741 MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass

The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submitcomment function. This makes it possible for unauthenticated attackers to submit comments via a forged reque...

4.3 CVSS · 4.3 AI score · 0.00388 EPSS
Exploits: 0 · References: 9
CNNVD
added 2023/06/22 12:0 a.m. · 3 views

WordPress Plugin Quick/Bulk Order Form for WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS · 6.3 AI score · 0.00369 EPSS
Exploits: 0 · References: 2
OSV
added 2019/07/31 10:15 p.m. · 3 views

UBUNTU-CVE-2019-10187

A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to...

4.3 CVSS · 6.9 AI score · 0.00888 EPSS
Exploits: 0 · References: 4