Lucene search

212 matches found

RedhatCVE
added 2025/05/22 10:49 p.m. | 7 views

CVE-2022-3036

The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite set...

CVSS 4.8 | AI score 5.7 | EPSS 0.0056
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 9:5 p.m. | 7 views

CVE-2021-24826

The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. Please note that such attack is still...

CVSS 5.4 | AI score 6 | EPSS 0.00595
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 8:11 p.m. | 7 views

CVE-2021-39203

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

CVSS 6.8 | AI score 6.6 | EPSS 0.00911
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:20 p.m. | 12 views

CVE-2021-24140

Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, leads to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep5=test...

CVSS 7.2 | AI score 8.1 | EPSS 0.01205
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:9 p.m. | 6 views

CVE-2020-8799

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website...

CVSS 4.8 | AI score 5.7 | EPSS 0.00741
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:23 a.m. | 17 views

CVE-2019-9978

The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swpdebug=loadoptions swpurl parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro...

CVSS 6.1 | AI score 5.8 | EPSS 0.73543
Exploits: 18 | References: 1

RedhatCVE
added 2025/05/22 9:33 a.m. | 4 views

CVE-2015-9342

The wp-rollback plugin before 1.2.3 for WordPress has XSS...

CVSS 6.1 | AI score 7.1 | EPSS 0.00913
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:59 a.m. | 7 views

CVE-2019-9910

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS...

CVSS 6.1 | AI score 7.1 | EPSS 0.01389
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:29 a.m. | 8 views

CVE-2019-15780

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization...

CVSS 9.8 | AI score 7 | EPSS 0.02389
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:18 a.m. | 21 views

CVE-2019-15112

The wp-slimstat plugin before 4.8.1 for WordPress has XSS...

CVSS 6.1 | AI score 7 | EPSS 0.01046
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:10 a.m. | 9 views

CVE-2019-18855

A Denial Of Service vulnerability exists in the safe-svg aka Safe SVG plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes...

CVSS 7.5 | AI score 6.8 | EPSS 0.02605
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:50 a.m. | 8 views

CVE-2018-20838

ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...

CVSS 5.4 | AI score 6.8 | EPSS 0.01078
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 5:34 a.m. | 6 views

CVE-2013-7478

The events-manager plugin before 5.5 for WordPress has XSS via EMTicket::getpost...

CVSS 6.1 | AI score 6.2 | EPSS 0.00913
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:9 a.m. | 4 views

CVE-2018-20985

The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec...

CVSS 9.8 | AI score 6.9 | EPSS 0.07606
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:3 a.m. | 6 views

CVE-2016-10953

The Headway theme before 3.8.9 for WordPress has XSS via the license key field...

CVSS 5.4 | AI score 6 | EPSS 0.00756
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:1 a.m. | 7 views

CVE-2016-10904

The olimometer plugin before 2.57 for WordPress has SQL injection...

CVSS 9.8 | AI score 7.8 | EPSS 0.01848
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:57 a.m. | 9 views

CVE-2019-20181

The awesome-support plugin 5.8.0 for WordPress allows XSS via the posttitle parameter...

CVSS 4.8 | AI score 6 | EPSS 0.00717
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:5 a.m. | 8 views

CVE-2015-9300

The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues...

CVSS 6.1 | AI score 6.2 | EPSS 0.00923
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 3:33 a.m. | 7 views

CVE-2018-21002

The js-support-ticket plugin before 2.0.6 for WordPress has CSRF...

CVSS 8.8 | AI score 7.1 | EPSS 0.00681
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 2:26 a.m. | 7 views

CVE-2015-9502

The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier...

CVSS 6.1 | AI score 6 | EPSS 0.00907
Exploits: 1 | References: 1