Lucene search
K

2019 matches found

Cvelist
Cvelist
added 2024/10/28 5:57 p.m.16 views

CVE-2024-50447 WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce envo-elementor-for-woocommerce allows Stored XSS.This issue affects Envo's Elementor Templates & Widgets for WooCommerce: from n/a...

6.5CVSS0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.3 views

WordPress plugin Elementor Templates & Widgets for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.5CVSS6.1AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.5 views

PT-2024-34214 · Unknown · Astra Widgets

Name of the Vulnerable Software and Affected Versions: Astra Widgets versions 1.2.14 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

6.5CVSS5.6AI score0.00234EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/10/28 12:0 a.m.4 views

WordPress plugin Astra Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.5CVSS6AI score0.00234EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/24 9:36 a.m.4 views

WordPress Astra Widgets plugin <= 1.2.14 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Astra Widgets versions = 1.2.14...

6.5CVSS5.8AI score0.00234EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/24 12:0 a.m.13 views

WordPress Astra Widgets Plugin <= 1.2.14 is vulnerable to Cross Site Scripting (XSS)

Software Astra Widgets Type Plugin Vulnerable versions = 1.2.14 Fixed in 1.2.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID aae8162e86d9 Credits João Pedro S Alcântara Kinorth Require...

6.5CVSS6.3AI score0.00234EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/10/20 10:15 a.m.14 views

CVE-2024-49614

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through = 1.9.3...

8.8CVSS0.00432EPSS
Exploits0References1
OSV
OSV
added 2024/10/20 10:15 a.m.5 views

CVE-2024-49614

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3...

8.8CVSS5.8AI score0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/20 9:58 a.m.17 views

CVE-2024-49614 WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3...

8.5CVSS7.7AI score0.00432EPSS
Exploits0References1
CVE
CVE
added 2024/10/20 9:58 a.m.53 views

CVE-2024-49614

CVE-2024-49614 is a SQL Injection vulnerability in the WordPress plugin SermonAudio Widgets . The issue affects versions listed as “n/a through 1.9.3” and stems from improper neutralization of special elements used in SQL commands. Public references describe the vulnerability but do not provide c...

8.8CVSS5.9AI score0.00432EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/20 9:58 a.m.24 views

CVE-2024-49614 WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through = 1.9.3...

8.5CVSS0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/20 12:0 a.m.3 views

WordPress plugin SermonAudio Widgets SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

8.8CVSS7.6AI score0.00432EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/20 12:0 a.m.4 views

PT-2024-33569 · Dan Alexander · Sermonaudio Widgets

Name of the Vulnerable Software and Affected Versions: Dan Alexander SermonAudio Widgets versions n/a through 1.9.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection,...

8.8CVSS8.5AI score0.00432EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/10/18 10:48 a.m.5 views

WordPress SermonAudio Widgets plugin <= 1.9.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SermonAudio Widgets versions = 1.9.3...

8.8CVSS8.1AI score0.00432EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/10/18 12:0 a.m.17 views

WordPress SermonAudio Widgets Plugin <= 1.9.3 is vulnerable to SQL Injection

Software SermonAudio Widgets Type Plugin Vulnerable versions = 1.9.3 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49614 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID b36bd1fd3f06 Credits João Pedro S Alcântara Kinorth Required privile...

8.8CVSS8.8AI score0.00432EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/10/17 6:15 p.m.10 views

CVE-2024-47312

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through = 1.4.1...

8.5CVSS0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/17 5:34 p.m.21 views

CVE-2024-47312 WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through = 1.4.1...

8.5CVSS5.6AI score0.00407EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/17 5:34 p.m.31 views

CVE-2024-47312 WordPress Classic Editor and Classic Widgets plugin <= 1.4.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through = 1.4.1...

8.5CVSS0.00407EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 5:34 p.m.61 views

CVE-2024-47312

CVE-2024-47312 : SQL Injection in WordPress plugins “Classic Editor” and “Classic Widgets” (WPGrim) up to version 1.4.1. Root cause: improper neutralization of input in SQL queries, enabling attacker-controlled SQL when authenticated as a Subscriber. Affected: Classic Editor and Classic Widgets (...

8.5CVSS5.9AI score0.00407EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/10/17 2:48 a.m.3 views

SUSE CVE-2024-47779

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally,...

7CVSS7.2AI score0.00417EPSS
Exploits0References3
Rows per page
Query Builder