Lucene search
+L

173 matches found

Patchstack
Patchstack
added 2024/07/29 2:35 a.m.6 views

WordPress Campaign Monitor for WordPress plugin <= 2.8.15 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Campaign Monitor for WordPress versions = 2.8.15...

5.3CVSS7AI score0.00849EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/10 12:0 a.m.14 views

PT-2024-37453 · WordPress · Duplicator

Name of the Vulnerable Software and Affected Versions: Duplicator plugin for WordPress versions up to, and including, 1.5.9 Description: The issue allows unauthenticated attackers to obtain the full path to instances, which may be used in combination with other vulnerabilities or to simplify...

5.3CVSS6.8AI score0.00579EPSS
Exploits0References8
OSV
OSV
added 2024/06/25 1:15 p.m.1 views

DEBIAN-CVE-2024-31111

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,...

6.5CVSS5.2AI score0.00318EPSS
Exploits0References1
OSV
OSV
added 2024/06/25 1:15 p.m.4 views

UBUNTU-CVE-2024-31111

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.3 views

WordPress plugin Olive One Click Demo Import security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS6.5AI score0.00297EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.6 views

PT-2024-26948 · WordPress · Easyevent

Name of the Vulnerable Software and Affected Versions: EasyEvent WordPress plugin versions 1.0.0 and earlier Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the plugin not sanitizing and...

3.8CVSS5.4AI score0.00435EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.9 views

PT-2024-18062 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the text alignment attribute...

6.4CVSS8AI score0.00427EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.7 views

PT-2024-22793 · Kadence Blocks · The Gutenberg Blocks By Kadence Blocks

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress versions up to, and including, 3.2.31 Description: The issue is related to Stored Cross-Site Scripting via the CountUp Widget due to insufficient input...

6.4CVSS8AI score0.00343EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.5 views

PT-2024-23049 · WordPress · Fancy Comments

Name of the Vulnerable Software and Affected Versions: Fancy Comments WordPress versions 1.2.14 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious...

6.5CVSS8.6AI score0.00336EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.7 views

PT-2024-19463 · WordPress · The Droit Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress versions up to, and including, 3.1.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

5.4CVSS8AI score0.00435EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.8 views

PT-2024-17810 · WordPress · Sunshine Photo Cart

Name of the Vulnerable Software and Affected Versions: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress versions up to, and including, 3.0.24 Description: The issue allows unauthenticated attackers to extract sensitive data, including customer email and physic...

5.3CVSS6.2AI score0.00678EPSS
Exploits0References6
OSV
OSV
added 2023/11/06 9:15 a.m.4 views

CVE-2023-45074

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for...

9.8CVSS5.8AI score0.0055EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.7 views

PT-2023-15174 · WordPress · Wp Cerber Security

Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including, 9.1 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the log parameter when logging in to the site. This makes it...

7.2CVSS6.8AI score0.00478EPSS
Exploits0References5
OSV
OSV
added 2023/10/13 12:15 p.m.3 views

UBUNTU-CVE-2023-39999

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4...

4.3CVSS5.8AI score0.01029EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.7 views

PT-2023-29786 · WordPress · Affiliatewp

Name of the Vulnerable Software and Affected Versions: AffiliateWP for WordPress versions up to, and including, 2.14.0 Description: The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing capability check on the affwp...

4.3CVSS5.4AI score0.00321EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.6 views

PT-2023-23291 · WordPress · Mainwp Child

Name of the Vulnerable Software and Affected Versions: MainWP Child plugin for WordPress versions up to, and including, 4.4.1.1 Description: The issue allows unauthenticated attackers to extract sensitive data, including the entire installation's database, due to insufficient controls on the...

7.5CVSS7.9AI score0.00662EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.6 views

PT-2023-16556 · Unknown +1 · Weglot Translate +1

Name of the Vulnerable Software and Affected Versions: Under Construction plugin for WordPress versions up to and including 3.96 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the install weglot function called via the admin action...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-12489 · WordPress · Wp Quick Frontend Editor

Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with minimal permissions to inject arbitra...

6.4CVSS5.4AI score0.00492EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.10 views

PT-2023-19447 · Vcita · Online Booking & Scheduling Calendar For Wordpress

Name of the Vulnerable Software and Affected Versions: The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress versions up to, and including, 4.2.10 Description: The issue is related to a missing nonce check on the vcita logout callback function, which makes it possib...

6.5CVSS6.7AI score0.00394EPSS
Exploits2References9
Vulnrichment
Vulnrichment
added 2023/05/31 2:40 a.m.14 views

CVE-2023-2549

The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...

8.8CVSS8.2AI score0.00331EPSS
Exploits1References2
Rows per page
Query Builder