Lucene search
K

212 matches found

Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.6 views

PT-2024-39646 · WordPress · Wp Builder

Name of the Vulnerable Software and Affected Versions: WP Builder plugin for WordPress versions up to, and including, 3.0.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS6AI score0.00286EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.223 views

WordPress WPLMS Theme Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPLMS Theme Privilege Escalation', 'Description' = %q The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/02 12:0 a.m.2930 views

WordPress < 6.6.1

WordPress versions 6.6.1 are affected by one or more vulnerabilities %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid204968; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/01/08"; scriptcveid"CVE-2024-31111", "CVE-2024-31210",...

8.8CVSS7.7AI score0.00945EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.5 views

PT-2024-37740 · Blubrry · Powerpress Podcasting Plugin

Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.10 Description: The issue is related to Reflected Cross-Site Scripting via the media url parameter due to insufficient input sanitization and...

6.4CVSS6.5AI score0.00387EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.6 views

PT-2024-37604 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to, and including, 5.8.9 Description: The issue is due to a lack of validation on user-supplied data in the 'pm upload image' AJAX action, allowing...

8.8CVSS6.8AI score0.00768EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.30 views

WordPress 4.3.x < 4.3.34 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.365 views

WordPress 5.8.x < 5.8.10 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability affecting the HTML API. - A Cross-Site Scripting XSS vulnerability affecting the Template Part block. - A path traversal issue...

6.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.3 views

PT-2024-34349 · WordPress · Lottiefiles

Name of the Vulnerable Software and Affected Versions: LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress versions up to, and including, 1.10.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00353EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.4 views

PT-2024-26791 · WordPress · Idonate

Name of the Vulnerable Software and Affected Versions: IDonate WordPress plugin versions 1.9.0 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

8.7CVSS5.5AI score0.00518EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2024/05/14 12:0 a.m.34 views

CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘portopageheadershortcodetype’, ‘slideshowtype’ and ‘postlayout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

8.8CVSS7.6AI score0.01538EPSS
In wildExploits0References3
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.7 views

PT-2024-18353 · WordPress · Wpbakery

Name of the Vulnerable Software and Affected Versions: wpbakery plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the Custom Heading tag attribute due to insufficient input sanitization and output escaping. This allows...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.6 views

PT-2024-18410 · WordPress · Masterstudy Lms

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthorized access to data due to a missing capability check on the search posts function. This makes it possible for authenticated...

4.3CVSS9.2AI score0.00468EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

WordPress Plugin WordPress File Upload 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

6.4CVSS7.7AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.5 views

PT-2024-17945 · Woomotiv · Live Sales Notification For Woocommerce – Woomotiv

Name of the Vulnerable Software and Affected Versions: Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax cancel revie...

4.3CVSS9.3AI score0.00253EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.5 views

WordPress Plugin Related Posts for WordPress Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6.6AI score0.00285EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.8 views

PT-2024-18005 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 Description: The issue is related to Stored Cross-Site Scripting via the icon align attribute of the Content Switcher widget due to insufficient input...

6.4CVSS8AI score0.00501EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.4 views

WordPress Plugin Booster for WooCommerce plugin for WordPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6AI score0.00343EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.6 views

PT-2024-18102 · WordPress · Wp Shortcodes Plugin

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's su tooltip shortcode due to insufficient input sanitization...

6.4CVSS8.2AI score0.00473EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.160 views

WordPress 5.5.x < 5.5.14 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A PHP file upload bypass via Plugin Installer requiring admin privileges. - An RCE POP Chains vulnerability. Note that the scanner has not tested for these issues but has...

7.6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/11 8:32 a.m.9 views

CVE-2023-6634 LearnPress <= 4.2.5.7 - Command Injection

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

8.1CVSS7.5AI score0.08544EPSS
Exploits1References2
Rows per page
Query Builder