Lucene search
K

281 matches found

Vulnrichment
Vulnrichment
added 2024/07/17 6:45 a.m.12 views

CVE-2024-5252 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00297EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.14 views

CVE-2024-4463 Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.6AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/02 6:0 a.m.50 views

CVE-2024-3472 Modal Window < 5.3.10 - Modal Deletion via CSRF

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack...

6.6AI score0.00204EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-18215 · WordPress · Print Labels With Barcodes

Name of the Vulnerable Software and Affected Versions: The Print Labels with Barcodes plugin for WordPress versions up to, and including, 3.4.6 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the template and javascrip...

6.4CVSS5.7AI score0.00412EPSS
Exploits0References7
OSV
OSV
added 2024/04/09 6:58 p.m.6 views

CVE-2024-2336 Popup Maker – Popup for opt-ins, lead gen, & more <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS7.3AI score0.0034EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/29 2:44 p.m.3 views

CVE-2023-7074 WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF

The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.5AI score0.00329EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/09/28 4:31 a.m.7 views

CVE-2023-5233 Font Awesome Integration <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS6.8AI score0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.6 views

PT-2023-13775 · WordPress +1 · 3Dprint +1

Name of the Vulnerable Software and Affected Versions: 3DPrint WordPress plugin versions prior to 3.5.6.9 Description: The issue allows an attacker to craft a malicious request, exploiting the lack of protection against CSRF attacks in the modified version of Tiny File Manager. This can trick a...

5.3CVSS5AI score0.003EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2023/07/14 12:0 a.m.6 views

PT-2023-17641 · WordPress · Buy Me A Coffee – Button/Widget Plugin

Name of the Vulnerable Software and Affected Versions: Buy Me a Coffee – Button and Widget Plugin versions up to, and including, 3.6 Description: The issue arises from insufficient sanitization and escaping on the text value set via the bmc post reception action, allowing authenticated attackers...

6.4CVSS6.2AI score0.00495EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/06/19 10:52 a.m.19 views

CVE-2023-0368 Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The Responsive Tabs For WPBakery Page Builder formerly Visual Composer WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...

5.8AI score0.00444EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/05/25 12:0 a.m.7 views

PT-2023-15219 · WordPress · Wp Easy Pay Wp Easypay – Square

Name of the Vulnerable Software and Affected Versions: WP Easy Pay WP EasyPay – Square for WordPress plugin versions = 4.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

8.8CVSS8.8AI score0.003EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/18 1:57 a.m.12 views

CVE-2023-2120 Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting

The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS7AI score0.00609EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/14 6:48 a.m.8 views

CVE-2022-47163 WordPress WP CSV to Database Plugin <= 2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin = 2.6 versions...

3.1CVSS7.6AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/08 1:9 a.m.9 views

CVE-2023-0717 Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

5.4CVSS6.6AI score0.00576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/30 8:31 p.m.6 views

CVE-2022-4680 Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection

The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.1AI score0.01046EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/12/12 5:54 p.m.9 views

CVE-2022-3359 Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports intentionally or not a malicious file and a suitable gadget chain is present on the blog...

7.4AI score0.00742EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/29 8:10 p.m.9 views

CVE-2022-4029

The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforummd5 hash of the WordPress URL' cookie value in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

4.7CVSS6.3AI score0.00558EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/08 6:15 p.m.7 views

CVE-2022-40128 WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Advanced Order Export For WooCommerce plugin = 3.3.2 on WordPress leading to export file download...

4.3CVSS5.4AI score0.00313EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/06/15 3:35 p.m.7 views

CVE-2022-29441 WordPress Private Messages For WordPress plugin <= 2.1.10 - Sending Messages via Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Private Messages For WordPress plugin = 2.1.10 at WordPress allows attackers to send messages...

4.3CVSS4.6AI score0.00389EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/09/14 1:0 p.m.30 views

CVE-2017-1002014

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via galleryname parameter...

9.9AI score0.02907EPSS
Exploits1References2
Rows per page
Query Builder