Lucene search
K

136 matches found

Patchstack
Patchstack
added 2024/07/15 12:0 a.m.12 views

WordPress User Submitted Posts Plugin < 20240516 is vulnerable to Cross Site Scripting (XSS)

Software User Submitted Posts Type Plugin Vulnerable versions 20240516 Fixed in 20240516 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5002 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b741c5e1dcda Credits Guido Iván Garc...

4.8CVSS5.8AI score0.00423EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.17 views

WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to Broken Access Control

Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37929 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a51ba27e9212 Credits Dave Jong Patchstac...

6.3CVSS6.3AI score0.00336EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/21 6:58 a.m.29 views

CVE-2024-5639 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update

The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'restapichangeprofileimage' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.0041EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.13 views

WordPress User Rights Access Manager Plugin <= 1.1.2 is vulnerable to Broken Access Control

Software User Rights Access Manager Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37209 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1f100e30e3b8 Credits Majed Refaea...

6.5CVSS6.3AI score0.00476EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/19 3:36 p.m.5 views

WordPress User Registration plugin <= 3.1.5 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Stiofan in WordPress Plugin User Registration versions = 3.1.5...

8.8CVSS7AI score0.00938EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/12 12:0 a.m.12 views

WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to SQL Injection

Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32137 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2210c42a0a13 Credits Dave Jong Patchstack Required privilege...

8.5CVSS6.8AI score0.00517EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/07 12:0 a.m.10 views

WordPress User Activity Log Plugin <= 1.9 is vulnerable to SQL Injection

Software User Activity Log Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-31356 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 35f222cae91f Credits Muhammad Daffa Required privilege Administrator...

7.6CVSS6.8AI score0.00515EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/03/29 12:0 a.m.14 views

WordPress User Rights Access Manager Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software User Rights Access Manager Type Plugin Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31122 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 0673dec6d13c Credits Yudistira Arya Required...

5.8CVSS6.5AI score0.00306EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/26 8:1 p.m.20 views

CVE-2023-27459 WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1...

7.4CVSS8.6AI score0.00611EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/15 12:0 a.m.13 views

WordPress User profile Plugin <= 2.0.20 is vulnerable to Cross Site Scripting (XSS)

Software User profile Type Plugin Vulnerable versions = 2.0.20 Fixed in 2.0.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29097 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 53c17e5b3988 Credits Kang SeoHee Required privilege...

6.3CVSS6.5AI score0.00376EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/03/11 12:0 a.m.5 views

WordPress plugin User Registration security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5CVSS6.7AI score0.00554EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/03/07 12:0 a.m.10 views

WordPress User Registration Plugin <= 3.1.4 is vulnerable to Cross Site Scripting (XSS)

Software User Registration Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1720 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID f3574c07a0a6 Credits stealthcopter Required...

6.1CVSS5.7AI score0.00547EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/02/26 12:0 a.m.19 views

WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)

Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...

5.3CVSS6.5AI score0.00472EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/02/22 12:0 a.m.14 views

WordPress User Feedback Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0903 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f85f155284e8 Credits Grzegorz Niedziela...

6.1CVSS5.7AI score0.00438EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/10/17 12:0 a.m.13 views

WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)

Software User Feedback Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46153 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a28b0bbea276 Credits Dimas Maulana Required privilege...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/10/03 12:0 a.m.16 views

WordPress User Location and IP Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)

Software User Location and IP Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8aceab066d00 Credits deokhunKim Required...

6.5CVSS5.7AI score0.0031EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.11 views

WordPress User Avatar - Reloaded Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software User Avatar - Reloaded Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4798 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a4fd94410ec4 Credits Dmitrii Ignatyev...

5.4CVSS6AI score0.00394EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.17 views

WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Bypass Vulnerability

Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-5133 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c08325ccb9 Credits Bartlomiej Marek and...

7.5CVSS6.9AI score0.0055EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.11 views

WordPress User Submitted Posts Plugin <= 20230901 is vulnerable to Cross Site Scripting (XSS)

Software User Submitted Posts Type Plugin Vulnerable versions = 20230901 Fixed in 20230902 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-7251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99d2f2c1710a Credits Ngô Thiên An ancorn from...

6.5CVSS6.9AI score0.00339EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.23 views

WordPress User Private Files Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software User Private Files Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3eddd47293a Credits Shuning Xu Required...

4.8CVSS6AI score0.0088EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder