Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.3 views

CVE-2026-3332

The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the xmssetting function on the settings update handler. This makes it possible for unauthenticated attackers t...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5546

Malware in sbrugna...

6.5CVSS6.5AI score0.00623EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-1893

Malware in sbrugna...

5.3CVSS5.5AI score0.01139EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-38134

Malicious code in bioql PyPI...

6.5CVSS5.7AI score0.00547EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/04 1:44 a.m.10 views

CVE-2025-5933 RD Contacto <= 1.4 - Cross-Site Request Forgery to Settings Update

The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData function. This makes it possible for unauthenticated attackers to update plugin settings via a...

4.3CVSS0.00133EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.7 views

CVE-2021-24405

The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users such as subscriber to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not...

6.5CVSS5.8AI score0.10703EPSS
Exploits5References1
Patchstack
Patchstack
added 2025/04/02 10:47 a.m.8 views

WordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerability

Settings Change vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Video Playlist versions = 1.1.2...

6.5CVSS8.4AI score0.0029EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.5 views

PT-2025-2163 · WordPress · The Food Menu – Restaurant Menu & Online Ordering

Name of the Vulnerable Software and Affected Versions: The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress versions up to, and including, 5.1.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify the plugin's...

4.3CVSS9.2AI score0.00288EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/08/05 6:0 a.m.33 views

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00348EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/05/30 7:49 a.m.28 views

CVE-2023-2470 Add to Feedly <= 1.2.11 - Admin+ Stored XSS

The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00472EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/04/05 6:27 p.m.25 views

CVE-2021-24196 Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...

5.5AI score0.00679EPSS
Exploits2References2
Rows per page
Query Builder