Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.1 views

CVE-2025-69406 WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through = 1.1.7...

5.5AI score0.00512EPSS
Exploits0References1
OSV
OSV
added 2025/07/01 2:7 a.m.3 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require'buffer' is the NPM buffer package. The...

9.1CVSS7AI score0.00317EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/09/13 12:0 a.m.9 views

WordPress WP Test Email Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Test Email Type Plugin Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8664 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea820c9f43d1 Credits vgo0 Required...

6.1CVSS5.7AI score0.00359EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/11/03 12:0 a.m.11 views

WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Comments Ratings Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23702 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7f7df4a9e3a3 Credits yuyudhn Required privile...

4.8CVSS5.7AI score0.00316EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder