Lucene search
K

58 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-11105

Malware in sbrugna...

8.8CVSS8.6AI score0.01311EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.5 views

PT-2025-26341 · WordPress · Grandplugins Image Sizes Controller +2

Name of the Vulnerable Software and Affected Versions: GrandPlugins Image Sizes Controller versions 1.0.0 through 1.0.9 Create Custom Image Sizes versions 1.0.0 through 1.0.9 Disable Image Sizes versions 1.0.0 through 1.0.9 Description: The issue is related to a Missing Authorization vulnerabilit...

4.3CVSS6.2AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.6 views

CVE-2021-24192

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...

8.8CVSS7AI score0.01325EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2025/03/12 12:0 a.m.459 views

WordPress Bit File Manager 6.5.5 Race Condition / Code Injection

WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. ============================================================================================================================================= | Title : WordPress Bit File...

8.1CVSS7.9AI score0.02802EPSS
Exploits3
GithubExploit
GithubExploit
added 2024/12/14 2:6 p.m.465 views

Exploit for Path Traversal in Grafana

Automated Exploit Tool for Grafana CVE-2021-43798 !Previewi...

7.5CVSS7.8AI score0.88849EPSS
Exploits44
The Hacker News
The Hacker News
added 2024/12/12 9:18 a.m.20 views

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 CVSS score: 9.8, affects all versions of the plugin prior to 1.9.0. The...

10CVSS9.6AI score0.54754EPSS
Exploits11
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.5 views

PT-2024-39622 · WordPress · Gmw-Premium-Settings +1

Name of the Vulnerable Software and Affected Versions: GEO my WP WordPress plugin versions prior to 4.5 gmw-premium-settings WordPress plugin versions prior to 3.1 Description: The issue is related to insufficient validation of files to be uploaded, which could allow attackers to upload arbitrary...

6.6CVSS6.7AI score0.00733EPSS
Exploits1References8
OSV
OSV
added 2024/11/15 4:15 a.m.6 views

CVE-2024-10924

The Really Simple Security Free, Pro, and Pro Multisite plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'checkloginandgetuser' function. This makes it possible...

9.8CVSS5.8AI score0.81722EPSS
Exploits21References7
vulnersOsv
vulnersOsv
added 2024/10/14 8:55 p.m.6 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2024-7341 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2024-7341 Source advisor...

7.1CVSS5.7AI score0.008EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/10/02 6:31 p.m.10 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-47804 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.462.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-47804 Source advisory: OSV:GHSA-F9QJ-77Q2-H5C5...

4.3CVSS6.7AI score0.00669EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/11/13 12:43 a.m.18 views

CVE-2023-46619 WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in WebDorado WDSocialWidgets plugin = 1.0.15 versions...

5.4CVSS7.1AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2023/10/12 5:15 p.m.2 views

DEBIAN-CVE-2023-45133

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

8.8CVSS7.3AI score0.0052EPSS
Exploits0References1
Prion
Prion
added 2023/07/28 5:15 a.m.14 views

Cross site request forgery (csrf)

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handleinstallation function that is called via the inisevinstallation AJAX aciton in various versions. This makes it possible for...

4.3CVSS4.5AI score0.00512EPSS
Exploits1References23Affected Software10
Huntr
Huntr
added 2023/07/10 12:42 a.m.33 views

Arbitrary command execution on Windows

Description Opening files from an untrusted directory can lead to execution of arbitrary commands on Windows systems, this is possible by having a malicious file with the same name as a trusted executable, Windows gives priority to the current directory when searching for executables. Several...

4.4CVSS7.5AI score0.06796EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/06/22 12:0 a.m.4 views

PT-2023-12446 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns over 70 plugins and themes that are vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed. Recommendation...

6.3AI score
Exploits0References9
vulnersOsv
vulnersOsv
added 2022/05/24 5:23 p.m.6 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2220 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.23)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2220 Source advisory: OSV:GHSA-QGJ4-RC8M-44MQ...

5.4CVSS6AI score0.01023EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 5:6 p.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1191 more potentially affected by CVE-2015-1811 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.596)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.3, =1.0.0, =1.0, =1.0.0, =2.2.0, =1.0-beta-1, =4.18 - com.boxuk.jenkins:jslint =0.7.4 and more Source cves: CVE-2015-1811 Source advisory: OSV:GHSA-QG7X-4H4Q-3M49...

7.5CVSS7.1AI score0.01414EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 3:53 a.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +698 more potentially affected by CVE-2013-7330 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.480.2)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2013-7330 Source advisory: OSV:GHSA-H5JV-HG68-MJHG...

4CVSS5.8AI score0.01595EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/14 3:57 a.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1525 more potentially affected by CVE-2016-3727 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.651.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.5.0, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2016-3727 Source advisory: OSV:GHSA-6CR3-CM5H-8Q96...

4.3CVSS6.7AI score0.02308EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 2:13 a.m.4 views

com.cloudbees.jenkins.plugins:additional-identities-plugin (=1.1), com.sonyericsson.hudson.plugins.rebuild:rebuild (>=1.15 <=1.27) +30 more potentially affected by CVE-2012-6074 via org.jenkins-ci.main:jenkins-core (>=1.481 <=1.490)

org.jenkins-ci.main:jenkins-core MAVEN version =1.481, =1.15, =1.1, =0.2.0, =0.1.0, =1.0.0, =1.481, =1.481, =1.481, =1.481, =1.0, =1.1 - org.jenkins-ci.modules:slave-installer =1.0 - org.jenkins-ci.modules:upstart-slave-installer =1.0 - org.jenkins-ci.modules:windows-slave-installer =1.0 and more...

3.5CVSS5.8AI score0.01424EPSS
Exploits0
Rows per page
Query Builder