Lucene search
K

53 matches found

Patchstack
Patchstack
added 2025/09/22 6:57 p.m.5 views

WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Nabil Irawan in WordPress Plugin Content Mask versions = 1.8.5.3...

3.8CVSS6.8AI score0.00314EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/09/22 6:24 p.m.10 views

CVE-2025-58012

CVE-2025-58012 relates to the WordPress Content Mask plugin. The connected documentation provides concrete details: Content Mask versions up to 1.8.5.2 are affected, with an Authenticated (Author+) condition leading to a Server-Side Request Forgery (SSRF) scenario as described in the Wordfence vu...

3.8CVSS5.9AI score0.00314EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.5 views

PT-2025-38959

Name of the Vulnerable Software and Affected Versions WP Content Protection versions through 1.3 Description A Cross-Site Request Forgery CSRF issue exists in Shankaranand Maurya WP Content Protection, which also allows Stored Cross-Site Scripting XSS. The issue allows for potential malicious...

7.1CVSS5.5AI score0.00118EPSS
Exploits0References3
NVD
NVD
added 2025/09/17 4:16 a.m.9 views

CVE-2025-10188

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulkremove function. This makes it possible for unauthenticated attackers to arbitrar...

5.4CVSS0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/14 10:34 a.m.15 views

CVE-2025-47536 WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through = 7.0.0...

7.2CVSS0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.5 views

CVE-2024-0437

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or...

4.3CVSS6AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 2:19 p.m.21 views

CVE-2025-47501 WordPress Content Control plugin <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Iser Content Control content-control allows DOM-Based XSS.This issue affects Content Control: from n/a through = 2.6.1...

6.5CVSS0.00209EPSS
Exploits0References1
CVE
CVE
added 2025/05/07 2:19 p.m.50 views

CVE-2025-47501

CVE-2025-47501 : DOM-based XSS in WordPress plugin Content Control (

6.5CVSS7.2AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/20 12:0 a.m.5 views

WordPress plugin Content Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS8.1AI score0.00284EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/01/07 10:3 p.m.7 views

WordPress Content Blocks Builder plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Caesar Evan Santoso Patchstack Alliance in WordPress Plugin Content Blocks Builder versions = 2.7.6...

6.5CVSS6.1AI score0.00202EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.13 views

WordPress Content Slider Block Plugin <= 3.1.5 is vulnerable to Sensitive Data Exposure

Software Content Slider Block Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10667 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID abf2f7c885a5 Credits Francesco Carlucci Required...

4.3CVSS6.8AI score0.003EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.9 views

WordPress Content Syndication Toolkit Reader Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Content Syndication Toolkit Reader Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51696 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4c15b730abc5 Credits João Pedro S...

7.1CVSS6.9AI score0.00275EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.14 views

PT-2024-15561 · WordPress · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease versions up to, and including, 2.6.6 Description: The issue allows authenticated attackers with subscriber access or higher to extract post titles and...

4.3CVSS6.4AI score0.00354EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/05/06 11:55 p.m.6 views

WordPress Content Views plugin <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via pagingType Parameter vulnerability discovered by wesley wcraft in WordPress Plugin Content Views versions = 3.7.1...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/06 12:0 a.m.15 views

WordPress Content Views Plugin <= 3.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Content Views Type Plugin Vulnerable versions = 3.7.1 Fixed in 3.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4446 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db0528283bdc Credits wesley wcraft Required...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/25 12:0 a.m.15 views

WordPress Content Views Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Content Views Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3929 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0486765092e3 Credits wesley wcraft Required...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/04/17 3:25 a.m.4 views

WordPress Content Control plugin <= 2.1.0 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Content Control versions = 2.1.0...

5.3CVSS6.9AI score0.00468EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/17 12:0 a.m.7 views

WordPress Content Control Plugin <= 2.1.0 is vulnerable to Broken Access Control

Software Content Control Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0615 Patch priority Low CVSS severity Low 5.3 Developer Code Atlantic LLC PSID 3c7e15ef621e Credits Francesco Carlucci Required...

5.3CVSS6.6AI score0.00468EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/05 2:15 a.m.5 views

CVE-2024-1478

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

5.3CVSS7.3AI score0.00532EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/02/09 12:0 a.m.8 views

WordPress Content Cards Plugin <= 0.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Content Cards Type Plugin Vulnerable versions = 0.9.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24928 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6115f90df15e Credits Ngô Thiên An ancorn from VNPT-VCI Required...

6.5CVSS6.5AI score0.0031EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder