Lucene search
K

36 matches found

Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.8 views

PT-2025-12883 · WordPress · Product Import Export For Woocommerce

Name of the Vulnerable Software and Affected Versions: Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows authenticated attackers with Administrator-level access and above to make web...

7.6CVSS9.1AI score0.00353EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2025/02/05 10:10 a.m.20 views

CVE-2024-3495

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

9.8CVSS7.3AI score0.13618EPSS
Exploits1References1
NVD
NVD
added 2025/01/24 11:15 a.m.10 views

CVE-2024-13409

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...

8.8CVSS0.00842EPSS
Exploits0References4
Circl
Circl
added 2024/12/12 8:18 a.m.19 views

CVE-2024-11972

creationtimestamp| type| source ---|---|--- 2024-12-12 08:18:00+00:00| seen| https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html 2024-12-12 10:21:49+00:00| exploited| https://t.me/thehackernews/6031 2024-12-12 14:52:32+00:00| published-proof-of-concept|...

9.8CVSS7.5AI score0.54754EPSS
Exploits5References26
Cvelist
Cvelist
added 2024/12/12 3:23 a.m.15 views

CVE-2024-11417 dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djoeinstellungenmenue function. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/03 2:5 a.m.16 views

CVE-2024-9694 CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/23 11:23 a.m.8 views

CVE-2024-11034 Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form

The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via firecontactform AJAX action in all versions up to, and including, 1.4. This is due to the software...

7.3CVSS7.8AI score0.00727EPSS
Exploits0References4
OSV
OSV
added 2024/05/02 4:52 p.m.8 views

CVE-2024-3215 Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmproupdatelevelgrouporder function. Th...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References4
CVE
CVE
added 2023/11/20 6:55 p.m.58 views

CVE-2023-5340

The CVE-2023-5340 affects the Five Star Restaurant Menu and Food Ordering WordPress plugin prior to version 2.4.11. The issue is unauthenticated deserialization via an AJAX action, enabling PHP Object Injection when a suitable gadget is present on the blog. Remediation: upgrade to version 2.4.11 ...

9.8CVSS9.8AI score0.01245EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/03/14 6:53 a.m.50 views

CVE-2022-47162 WordPress DH – Anti AdBlocker Plugin <= 36 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin = 36 versions...

4.3CVSS9AI score0.00276EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/01/23 12:0 a.m.44 views

WordPress Image and Video Lightbox, Image PopUp Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Image and Video Lightbox, Image PopUp Type Plugin Vulnerable versions = 2.1.5 Fixed in 2.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24004 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4d9c16d4d9c1 Credits...

5.9CVSS5.8AI score0.00392EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/01 12:0 a.m.5 views

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

6.1AI score0.0055EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/07/27 4:22 p.m.9 views

CVE-2022-33943 WordPress BxSlider WP plugin <= 2.0.0 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated contributor or higher user role Cross-Site Scripting XSS vulnerability in Nico Amarilla's BxSlider WP plugin = 2.0.0 at WordPress...

5.4CVSS5.3AI score0.00465EPSS
Exploits0References2
CNVD
CNVD
added 2019/08/28 12:0 a.m.2 views

WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2019-30594)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/03 12:0 a.m.4 views

WordPress REST API Plugin Content Injection Vulnerability

WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A content injection vulnerability exists in the WordPress REST API plugin. A remote attacker can exploit the vulnerability to elevate privileges or perform content injectio...

7.2AI score
Exploits0References1
0day.today
0day.today
added 2008/10/27 12:0 a.m.33 views

e107 Plugin alternate_profiles (id) SQL Injection Vulnerability

Exploit for unknown platform in category web applications =============================================================== e107 Plugin alternateprofiles id SQL Injection Vulnerability =============================================================== e107 Plugin alternateprofiles newuser.php?id Remot...

7.1AI score
Exploits0
Rows per page
Query Builder