Lucene search
K

280 matches found

CNNVD
CNNVD
added 2023/12/20 12:0 a.m.4 views

WordPress Plugin SEO Change Monitor SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

8.5CVSS7.7AI score0.00638EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/12/14 4:51 p.m.9 views

CVE-2023-48770 WordPress Aparat Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nima Saberi Aparat allows Stored XSS.This issue affects Aparat: from n/a through 1.7.1...

6.5CVSS6.4AI score0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/06 8:40 p.m.10 views

CVE-2023-5454 Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization

The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...

7.6AI score0.00608EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.10 views

CVE-2023-4796 Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcjwpoption' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.00585EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.3 views

PT-2023-28720 · WordPress · Woo Custom Emails

Name of the Vulnerable Software and Affected Versions: The Woo Custom Emails for WordPress versions up to, and including, 2.2 Description: The issue is related to Reflected Cross-Site Scripting via the wcemails edit parameter due to insufficient input sanitization and output escaping. This allows...

6.1CVSS6.1AI score0.00389EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.7 views

PT-2023-23459 · WordPress · Post Smtp Mailer

Name of the Vulnerable Software and Affected Versions: POST SMTP Mailer WordPress plugin versions prior to 2.5.7 Description: The issue concerns a lack of proper CSRF checks in some AJAX actions within the plugin. This could allow attackers to make logged-in users with the manage postman smtp...

8.8CVSS8.9AI score0.00386EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.15 views

CVE-2023-1889 Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task

The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listingtask function. This makes it possible for authenticated attackers, with subscriber-level...

6.5CVSS6.9AI score0.00609EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.21 views

CVE-2023-1888 Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset th...

8.8CVSS7.3AI score0.00984EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.9 views

CVE-2021-4370 uListing <= 1.6.6 - Missing Authorization

The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

9.8CVSS7.2AI score0.014EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/20 12:0 a.m.5 views

PT-2023-21073 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is related to Stored Cross-Site Scripting via the 'gh form' shortcode due to insufficient input sanitization and output escaping on user-supplied...

5.4CVSS5.7AI score0.00494EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/05/15 12:15 p.m.10 views

CVE-2023-0644 PushAssist <= 3.0.8 - Reflected Cross-Site Scripting

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.0054EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/04/19 8:26 p.m.9 views

CVE-2022-28222 CleanTalk AntiSpam <= 5.173 Reflected XSS

The CleanTalk AntiSpam plugin = 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter in/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php...

6.1CVSS6AI score0.02886EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2022/01/28 7:9 p.m.11 views

CVE-2021-23174 WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Persistent Cross-Site Scripting XSS vulnerability discovered in Download Monitor WordPress plugin versions = 4.4.6 Vulnerable parameters: &posttitle, &downloadablefileversion0...

3.4CVSS4.4AI score0.83853EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/09 12:0 a.m.8 views

WordPress Authorization Issues Vulnerability (CNVD-2021-53345)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in WordPress Plugin CM Download Manager, which can be...

8.1CVSS6.7AI score0.01673EPSS
Exploits0References1
EUVD
EUVD
added 2020/12/27 6:47 p.m.7 views

EUVD-2022-5657

The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the orderid parameter in a fetchorderstatus action...

5.3CVSS5.2AI score0.04026EPSS
Exploits2References4
OSV
OSV
added 2020/11/02 9:15 p.m.2 views

UBUNTU-CVE-2020-28032

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php...

9.8CVSS7.3AI score0.16119EPSS
Exploits1References5
CVE
CVE
added 2014/07/02 6:0 p.m.41 views

CVE-2014-4537

CVE-2014-4537 affects WordPress Keyword Strategy Internal Links Plugin (

4.3CVSS6AI score0.01629EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2009/04/28 4:30 p.m.8 views

CVE-2008-6762

Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter...

6.4AI score
Exploits0References4
OSV
OSV
added 2006/11/04 1:7 a.m.8 views

CVE-2006-5705

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the 1 backup and 2 fragment parameters in a GET request...

6.3AI score
Exploits0References11
Exploit DB
Exploit DB
added 2004/09/28 12:0 a.m.25 views

WordPress Core 1.2 - &#039;bookmarklet.php&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is reported vulnerable, however, other...

7.4AI score
Exploits0
Rows per page
Query Builder