Lucene search
K

2156 matches found

CVE
CVE
added 2024/12/09 1:10 p.m.66 views

CVE-2024-52480

CVE-2024-52480 is a Missing Authorization (Broken Access Control) vulnerability in Astoundify Jobify - Job Board WordPress Theme, affecting versions up to 4.2.3. Public docs identify unauthenticated access issues but do not provide concrete exploitation details or a confirmed patch in the sources...

9.8CVSS7.2AI score0.00355EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/12/09 12:18 p.m.22 views

CVE-2024-43222 WordPress Sweet Date theme <= 3.7.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.This issue affects Sweet Date: from n/a through = 3.7.3...

9.8CVSS0.00745EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:31 a.m.13 views

CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5...

4.3CVSS0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 11:31 a.m.4 views

CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in listingthemes Real Estate Directory real-estate-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through = 1.0.5...

4.3CVSS7.3AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.8 views

PT-2024-35321 · Astoundify · Astoundify Jobify - Job Board Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Astoundify Jobify - Job Board WordPress Theme versions prior to 4.2.3 Description: The issue is related to a missing authorization vulnerability in the Astoundify Jobify - Job Board WordPress Theme. Recommendations: For versions prior to 4.2....

9.8CVSS9.4AI score0.00355EPSS
Exploits0References6
NVD
NVD
added 2024/12/06 10:15 a.m.32 views

CVE-2024-11289

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penciarchivemorepostajaxfunc, pencimorepostajaxfunc, and pencimorefeaturedpostajaxfunc. This makes it possible for unauthenticated attackers to include and...

8.1CVSS0.00675EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 9:15 a.m.11 views

CVE-2024-10849

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2024/12/06 8:24 a.m.47 views

CVE-2024-10849

CVE-2024-10849 details (NewsMash theme, WordPress) : The NewsMash WordPress theme is affected by a stored cross-site scripting (XSS) vulnerability via a malicious display name in all versions up to 1.0.71. Exploitation requires authenticated access at Contributor level or higher, and an attacker ...

6.4CVSS7.4AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 6:15 a.m.17 views

CVE-2024-10578

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnewsimporterpluginactionfornotice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.01355EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/12/06 5:26 a.m.23 views

CVE-2024-10578 Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnewsimporterpluginactionfornotice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.01355EPSS
Exploits1References3
CVE
CVE
added 2024/12/06 5:26 a.m.63 views

CVE-2024-10578

CVE-2024-10578 – Pubnews theme (WordPress) has an unauthenticated/arbitrary plugin installation vulnerability through a missing capability check in pubnews_importer_plugin_action_for_notice() across all versions up to 1.0.7. The issue allows authenticated attackers with Subscriber-level access an...

8.8CVSS8.4AI score0.01355EPSS
Exploits1References3
OSV
OSV
added 2024/12/05 10:31 a.m.2 views

CVE-2024-11420

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

5.4CVSS5.9AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2024/12/02 2:15 p.m.2 views

CVE-2024-52478

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...

5.4CVSS7.3AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 2:15 p.m.15 views

CVE-2024-52479

Cross-Site Request Forgery CSRF vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery.This issue affects Jobify: from n/a through 4.3.0...

8.8CVSS0.00187EPSS
Exploits0References1
OSV
OSV
added 2024/12/02 2:15 p.m.4 views

CVE-2024-52479

Cross-Site Request Forgery CSRF vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...

8.8CVSS7.3AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 2:15 p.m.13 views

CVE-2024-52478

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Jobify jobify allows Stored XSS.This issue affects Jobify: from n/a through 4.3.0...

6.5CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2024/12/02 1:48 p.m.50 views

CVE-2024-52478

CVE-2024-52478 is a Cross-Site Scripting (Stored XSS) vulnerability in the Ben Marshall Jobify – Job Board WordPress Theme, affecting versions up to 4.2.3 (n/a through 4.2.3). The issue arises from improper input neutralization during web page generation. Multiple connected sources explicitly con...

6.5CVSS7.2AI score0.0027EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.6 views

PT-2024-35318 · WordPress · Ben Marshall Jobify - Job Board Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Ben Marshall Jobify - Job Board WordPress Theme versions n/a through 4.2.3 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This mea...

6.5CVSS9.1AI score0.0027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/02 12:0 a.m.4 views

PT-2024-35319 · WordPress · Ben Marshall Jobify - Job Board Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Ben Marshall Jobify - Job Board WordPress Theme versions n/a through 4.2.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into...

8.8CVSS9.4AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2024/11/28 11:15 a.m.11 views

CVE-2024-52481

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Astoundify Jobify jobify allows Relative Path Traversal.This issue affects Jobify: from n/a through 4.3.0...

7.5CVSS0.00669EPSS
Exploits0References1
Rows per page
Query Builder