Lucene search
K

2027 matches found

NVD
NVD
added 2024/07/30 9:15 p.m.56 views

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00371EPSS
Exploits0References3
OSV
OSV
added 2024/07/30 9:15 p.m.10 views

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score
Exploits0References3
CVE
CVE
added 2024/07/30 8:30 p.m.63 views

CVE-2024-5901

CVE-2024-5901 affects SiteOrigin Widgets Bundle (WordPress) up to version 1.62.2. It is a Stored Cross-Site Scripting vulnerability in the Image Grid widget caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least contributor-level ...

6.4CVSS5.7AI score0.00371EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/07/30 10:54 a.m.4 views

WordPress SiteOrigin Widgets Bundle plugin <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting in Image Grid widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.62.2...

6.4CVSS5.7AI score0.00371EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/30 12:0 a.m.10 views

WordPress SiteOrigin Widgets Bundle Plugin <= 1.62.2 is vulnerable to Cross Site Scripting (XSS)

Software SiteOrigin Widgets Bundle Type Plugin Vulnerable versions = 1.62.2 Fixed in 1.62.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5901 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ee6a602a0665 Credits Ngô Thiên An...

6.4CVSS5.8AI score0.00371EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.5 views

WordPress plugin SiteOrigin Widgets Bundle 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.6AI score0.00371EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.10 views

PT-2024-37235 · WordPress · Siteorigin Widgets Bundle

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to, and including, 1.62.2 Description: The issue is related to Stored Cross-Site Scripting via the Image Grid widget due to insufficient input sanitization and output escaping on...

6.4CVSS6.2AI score0.00371EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.3 views

phpIPAM 安全漏洞

phpIPAM is the phpIPAM open source suite of open source PHP and MySQL based IP address management applications IPAM. A security vulnerability exists in phpIPAM version 1.6, which stems from a cross-site scripting vulnerability contained in the /app/admin/widgets/edit.php file...

7.1CVSS6.1AI score0.00326EPSS
Exploits1References2
Fedora
Fedora
added 2024/07/23 1:31 a.m.7 views

[SECURITY] Fedora 39 Update: gtk3-3.24.43-1.fc39

GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. This package contains version 3 of GTK+...

7.2AI score
Exploits0
NVD
NVD
added 2024/07/20 9:15 a.m.11 views

CVE-2024-37918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through = 1.4.8...

6.5CVSS0.00262EPSS
Exploits0References2
CVE
CVE
added 2024/07/20 9:1 a.m.41 views

CVE-2024-37918

CVE-2024-37918 affects ConeBlog – WordPress Blog Widgets (ConeBlog Widgets) for WordPress. Described as an stored XSS due to Improper Neutralization of Input During Web Page Generation, impacting ConeBlog Widgets versions from n/a through 1.4.8. The connected records confirm the same vulnerabilit...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.3 views

PT-2024-27823 · WordPress · Coneblog – Wordpress Blog Widgets

Name of the Vulnerable Software and Affected Versions: ConeBlog – WordPress Blog Widgets versions 1.4.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.6AI score0.00262EPSS
Exploits0References4
OSV
OSV
added 2024/07/19 6:15 a.m.4 views

CVE-2023-7268

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets...

6.5CVSS5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/19 6:0 a.m.10 views

CVE-2023-7268 ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets...

6.8AI score0.00397EPSS
Exploits1References1
NVD
NVD
added 2024/07/12 3:15 p.m.17 views

CVE-2024-38715

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1...

6.5CVSS0.00498EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/12 2:24 p.m.29 views

CVE-2024-38715 WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1...

6.5CVSS0.00498EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/12 2:24 p.m.16 views

CVE-2024-38715 WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1...

6.5CVSS6.9AI score0.00498EPSS
Exploits0References1
CVE
CVE
added 2024/07/12 2:24 p.m.43 views

CVE-2024-38715

CVE-2024-38715 is an ExS Widgets vulnerability described as an improper limitation of a pathname enabling PHP Local File Inclusion (LFI). The vulnerability affects ExS Widgets versions up to and including 0.3.1, as reported in Red Hat and security trackers, and is associated with path traversal t...

6.5CVSS6.8AI score0.00498EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.5 views

WordPress plugin ExS Widgets path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

6.5CVSS6.7AI score0.00498EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/11 10:59 a.m.16 views

WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin ExS Widgets versions = 0.3.1...

6.5CVSS7AI score0.00498EPSS
Exploits0Affected Software1
Rows per page
Query Builder