Lucene search
K

111 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.8 views

CVE-2021-24246

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...

5.4CVSS6AI score0.00659EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.7 views

CVE-2021-24431

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting...

4.3CVSS6.3AI score0.00467EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:33 a.m.14 views

CVE-2015-9310

The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues...

9.8CVSS8.1AI score0.01869EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.31 views

CVE-2024-11719

The CVE-2024-11719 entry concerns the tarteaucitron-wp WordPress plugin prior to version 0.3.0, which lacks CSRF checks in certain areas and omits sanitisation and escaping. This could allow a logged-in attacker to trigger a Stored XSS payload via a CSRF attack. The issue is documented across mul...

6.1CVSS5.9AI score0.00149EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21454 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 5.2.64 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS5.4AI score0.00266EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2025/04/21 12:0 a.m.214 views

📄 WordPress Easy Restaurant Manager 1.0 XSS / SQL Injection / IDOR

WordPress Easy Restaurant Manager plugin version 1.0 suffers from persistent cross site scripting, insecure direct object reference, a missing access control, and remote SQL injection vulnerabilities. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title WordPress...

7.8AI score
Exploits0
CVE
CVE
added 2025/04/11 8:42 a.m.46 views

CVE-2025-32536

CVE-2025-32536 refers to a Reflected Cross-Site Scripting vulnerability in the HTML5 Video Player with Playlist WordPress plugin. The vulnerability affects the plugin version range up to 2.50 (HTML5 Video Player with Playlist). The root cause, as stated in connected documentation, is improper inp...

7.1CVSS7.2AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/07 9:46 a.m.6 views

CVE-2024-13809

The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS7.5AI score0.00313EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/02/20 12:0 a.m.20 views

WordPress Yoast SEO Plugin < 1.5.7, 1.6.x < 1.6.4, 1.7.x < 1.7.4 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:yoast:yoastseo"; if description...

6.8CVSS6.8AI score0.05785EPSS
Exploits3References2
CVE
CVE
added 2025/02/18 7:28 a.m.52 views

CVE-2024-11895

The WordPress plugin Online Payments – Get Paid with PayPal, Square & Stripe is affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability via shortcode attributes in versions up to 3.20.0, caused by insufficient input sanitization and output escaping. This allows authenticated ...

6.4CVSS5.8AI score0.00376EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2025/02/10 12:0 a.m.12 views

WordPress File Manager Plugin < 7.2.2 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

9.9CVSS6.8AI score0.06009EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/02/05 12:0 a.m.8 views

WordPress ProfilePress Plugin < 4.15.15 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

4.8CVSS6.9AI score0.00334EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2025/02/05 12:0 a.m.11 views

WordPress ProfilePress Plugin < 4.15.0 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

6.5CVSS6.8AI score0.00598EPSS
Exploits0References3
NVD
NVD
added 2025/01/31 8:15 a.m.19 views

CVE-2024-13530

The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lpshandledeletealllogs, lpshandledeleteloginlog, and...

4.3CVSS0.00298EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/01/21 4:20 a.m.17 views

CVE-2024-13536 1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retriev...

5.3CVSS0.00372EPSS
Exploits0References2
NVD
NVD
added 2025/01/18 6:15 a.m.29 views

CVE-2025-0308

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied...

7.5CVSS0.00513EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/12/19 12:0 a.m.11 views

Hunk Companion Plugin for WordPress < 1.9.0 Arbitrary Plugin Installation

The WordPress Hunk Companion Plugin installed on the remote host is affected by an improper access control vulnerability allowing a remote and unauthenticated attacker to install any plugin on the affected WordPress instance. Note that the scanner has not tester for these issues but has instead...

9.8CVSS7.5AI score0.54754EPSS
Exploits5References3
CVE
CVE
added 2024/12/16 2:31 p.m.47 views

CVE-2024-54403

CVE-2024-54403 is an explicit cross-site scripting vulnerability in the Visual Recent Posts WordPress plugin. It is described as an Improper Neutralization of Input During Web Page Generation (Reflected XSS) affecting versions up to 1.2.3. The CVSS score is 7.1 (HIGH) with network attack vector, ...

7.1CVSS7.2AI score0.00387EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/05/10 12:0 a.m.12 views

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Plugin <= 1.5.102 is vulnerable to Remote Code Execution (RCE)

Software Unlimited Elements For Elementor Free Widgets, Addons, Templates Type Plugin Vulnerable versions = 1.5.102 Fixed in 1.5.103 OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-2662 Patch priority Low CVSS severity Low 7.2 Developer Unlimited Elements PSID...

7.2CVSS7.2AI score0.01749EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/02 12:0 a.m.5 views

PT-2024-15913 · WordPress · Anonymous Restricted Content

Name of the Vulnerable Software and Affected Versions: Anonymous Restricted Content plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is due to insufficient restrictions through the REST API on protected posts and pages, allowing unauthenticated attackers to access...

7.5CVSS7.8AI score0.00608EPSS
Exploits0References9
Rows per page
Query Builder