Lucene search
K

62 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.13 views

CVE-2023-2744

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.3AI score0.02632EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.10 views

CVE-2022-1904

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.01388EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:54 p.m.6 views

CVE-2022-2276

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog...

4.3CVSS7.1AI score0.00336EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.6 views

CVE-2021-24309

The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the...

5.4CVSS6.8AI score0.0065EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.16 views

CVE-2021-24498

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.03065EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:39 p.m.9 views

CVE-2020-36503

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...

8CVSS7AI score0.01207EPSS
Exploits1
CVE
CVE
added 2025/05/15 8:7 p.m.55 views

CVE-2025-1303

CVE-2025-1303 concerns the Plugin Oficial WordPress plugin (Getnet para WooCommerce) up to version 1.7.3. The issue is a reflected cross-site scripting (XSS) vulnerability caused by a parameter not being sanitised/escaped before being echoed in the page. Exploitation is described against unauthen...

6.1CVSS6.3AI score0.00525EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.11 views

CVE-2024-13053 Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS via Theme Title

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.35 views

CVE-2024-12679

The CVE-2024-12679 affects the Prisna GWT WordPress plugin and is due to inadequate sanitisation/escaping of certain settings in versions before 1.4.14. This can enable admin-level Stored XSS even when unfiltered_html is disallowed (e.g., multisite). The impact is stored XSS with potential privil...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/05/02 6:41 a.m.62 views

CVE-2024-13858

The CVE-2024-13858 entry concerns the BuddyBoss Platform plugin for WordPress and BuddyBoss Theme, affected by a Stored Cross-Site Scripting via the invitee_name parameter. Affected versions are all up to 2.8.50 (platform) and 2.8.41 (theme), with insufficient input sanitization and output escapi...

6.4CVSS5.5AI score0.00246EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/05/01 6:15 a.m.30 views

CVE-2024-13381

The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00219EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/04/16 1:56 p.m.6 views

WordPress Eventin plugin <= 4.0.25 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by theviper17 in WordPress Plugin Eventin versions = 4.0.25...

7.5CVSS8.2AI score0.00786EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/04/15 9:53 p.m.17 views

CVE-2025-26996 WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Code Injection.This issue affects Sign-up Sheets: from n/a through = 2.3.0.1...

6.5CVSS0.00285EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/14 5:50 p.m.6 views

WordPress WP_DEBUG Toggle plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WPDEBUG Toggle versions = 1.1...

7.1CVSS6.9AI score0.00257EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/11 8:42 a.m.8 views

CVE-2025-32525 WordPress Interactive Geo Maps plugin <= 1.6.24 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MapGeo Interactive Geo Maps interactive-geo-maps allows Reflected XSS.This issue affects Interactive Geo Maps: from n/a through = 1.6.24...

7.1CVSS8.6AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 9:13 a.m.20 views

CVE-2025-3433

The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to...

6.1CVSS6.8AI score0.00219EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/09 4:9 p.m.5 views

WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider And Showcase Pro versions = 2.3.15...

8.1CVSS8.3AI score0.00828EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/04/09 3:27 p.m.6 views

WordPress Review Stream plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Review Stream versions = 1.6.7...

5.9CVSS7AI score0.00281EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/01 5:31 a.m.3 views

CVE-2025-30548 WordPress Advanced Post Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VarDump s.r.l. Advanced Post Search advanced-post-search allows Reflected XSS.This issue affects Advanced Post Search: from n/a through = 1.1.0...

7.1CVSS8.6AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2025/03/16 6:15 a.m.21 views

CVE-2025-1623

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00247EPSS
Exploits1References1
Rows per page
Query Builder