Lucene search
K

135 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50931

Malicious code in bioql PyPI...

6.4CVSS8.7AI score0.00306EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30545

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-51713

Malicious code in bioql PyPI...

6.4CVSS9.1AI score0.00212EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2022-34640

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.01424EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/09/28 2:19 a.m.7 views

WordPress User Avatar - Reloaded plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability

WordPress User Avatar - Reloaded plugin = 1.2.2 - Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin User Avatar - Reloaded versions = 1.2.2...

6.5CVSS6.1AI score0.00133EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/09/22 7:16 p.m.2 views

CVE-2025-58672

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.1.12...

5.4CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:22 p.m.11 views

CVE-2025-58673 WordPress WP User Frontend Plugin <= 4.1.12 - Content Injection Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in weDevs WP User Frontend wp-user-frontend allows Code Injection.This issue affects WP User Frontend: from n/a through = 4.1.12...

5.4CVSS0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.4 views

PT-2025-27844 · WordPress · Wp Human Resource Management

Name of the Vulnerable Software and Affected Versions: WP Human Resource Management plugin for WordPress versions 2.0.0 through 2.2.17 Description: The issue arises from a missing authorization within the ajax delete employee function, allowing authenticated attackers with Employee-level access a...

8.1CVSS6.1AI score0.00293EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 8:33 p.m.3 views

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the strshuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic...

7.5CVSS7AI score0.01186EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/22 11:41 a.m.5 views

WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin User Meta versions = 3.1.2...

7.1CVSS5.9AI score0.00235EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/24 4:8 p.m.6 views

CVE-2025-39400 WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a...

7.1CVSS7AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:47 p.m.19 views

CVE-2025-27319 WordPress User List plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivan82 User List user-list allows Reflected XSS.This issue affects User List: from n/a through = 1.5.1...

7.1CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:47 p.m.4 views

CVE-2025-27319 WordPress User List plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ivan82 User List user-list allows Reflected XSS.This issue affects User List: from n/a through = 1.5.1...

7.1CVSS8.6AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/12 12:0 a.m.7 views

PT-2025-16168 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3 Description: The issue allows unauthenticated attackers to update other users' passwords if they...

4.3CVSS5.7AI score0.00273EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/03/03 1:30 p.m.17 views

CVE-2025-25114 WordPress User Role plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through = 1.0...

7.1CVSS0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 1:30 p.m.6 views

CVE-2025-25114 WordPress User Role plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ehabstar User Role user-roles allows Reflected XSS.This issue affects User Role: from n/a through = 1.0...

7.1CVSS8.6AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:58 a.m.6 views

CVE-2024-10801

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...

9.8CVSS7.9AI score0.00829EPSS
Exploits0References1
CVE
CVE
added 2025/01/15 3:23 p.m.51 views

CVE-2025-22736

CVE-2025-22736 concerns the WordPress plugin User Management by WPExperts. The issue is described as an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation . Affected software: User Management (through version 1.2, per description). Documented impact indicates an authen...

8.8CVSS7.2AI score0.00418EPSS
Exploits0References1
CVE
CVE
added 2025/01/02 9:15 a.m.46 views

CVE-2024-56037

CVE-2024-56037 is a published WordPress plugin vulnerability: a Reflected Cross-Site Scripting (XSS) in the “User Referral” plugin. The issue is caused by improper neutralization of input during web page generation, allowing injected scripts to execute in victims’ browsers when they load a crafte...

7.1CVSS7.2AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:31 a.m.19 views

CVE-2023-29429 WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1...

5.3CVSS0.00402EPSS
Exploits0References1
Rows per page
Query Builder