Lucene search
K

111 matches found

Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-16260 · WordPress · Article Directory Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Article Directory WordPress plugin versions prior to 1.4 Description: The issue arises from improper sanitization of the publish terms text setting, which can be exploited to conduct Stored XSS attacks, particularly in multisite environments...

4.8CVSS4.9AI score0.0047EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/02/07 12:0 a.m.17 views

Ultimate FAQ Plugin for WordPress < 1.8.25 Multiple Vulnerabilities

The WordPress Ultimate FAQ Plugin installed on the remote host is affected by multiple vulnerabilities :\n\n - An Arbitrary Options Import.\n - An HTML Injection.\n Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number...

7.5CVSS7.5AI score0.03518EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.5 views

CVE-2022-4475 Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS

The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1AI score0.00534EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/12/12 5:54 p.m.8 views

CVE-2022-4010 Image Hover Effects < 5.5 - Admin+ Stored XSS

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00532EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/05/20 8:48 p.m.14 views

CVE-2022-29432 WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated administrator or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...

3.4CVSS4.4AI score0.00489EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2021/09/09 11:19 a.m.4 views

CVE-2021-36871 WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent XSS vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title...

5.5CVSS5.7AI score0.00557EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2020/07/08 8:12 p.m.158 views

Advertising Plugin for WordPress Threatens Full Site Takeovers

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin’s author, Tunafish, has rolled out a patched version v.1.5.6, which site...

0.2AI score0.26869EPSS
Exploits0References11
Talos Blog
Talos Blog
added 2019/03/28 2:0 p.m.50 views

Cyber Security Week in Review (March 28)

Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. Top headlines this week ASUS had to release an emergency fix for a malware that may have accidentally deployed to their machines. Attackers may have...

0.1AI score
Exploits0
0day.today
0day.today
added 2013/10/14 12:0 a.m.57 views

Wordpress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities

Exploit for php platform in category web applications Vulnerabilities: 1 CSRF 2 XSS Stored VULNERABILITY 1 CSRF Page affected: http://victimsite/wordpress/wp-admin/admin.php?page=cart66-products If the Wordpress admin were logged in and clicked on a link hosting code similar to the one in the PoC...

6.8CVSS0.5AI score0.04084EPSS
Exploits7
Cvelist
Cvelist
added 2012/07/18 6:0 p.m.19 views

CVE-2012-4033

Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors...

6.9AI score0.02607EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2008/10/14 12:0 a.m.33 views

wpcomment-multi.txt

ChX Security | Advisory 3 | ========== - "WP Comment Remix 1.4.3 Multiple Vulnerabilities" Advisory URL: http://chxsecurity.org/advisories/adv-3-full.txt Date of last update: 2008-10-13 CVE Name: -- Vulnerability Information | ================== Software: WP Comment Remix Version: 1.4.3 From:...

7.4AI score
Exploits0
Rows per page
Query Builder