Lucene search
+L

173 matches found

CNNVD
CNNVD
added 2023/05/25 12:0 a.m.7 views

WordPress plugin Stream 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS8.1AI score0.00264EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/19 9:38 a.m.11 views

CVE-2023-2170 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...

5.5CVSS6.8AI score0.00486EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.7 views

PT-2023-16938 · WordPress · Wh Testimonials

Name of the Vulnerable Software and Affected Versions: The WH Testimonials plugin for WordPress versions up to, and including, 3.0.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers t...

7.2CVSS6.2AI score0.00743EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.1 views

PT-2022-26948 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 6.0.3 Description: A cross-site scripting issue allows a remote unauthenticated attacker to inject an arbitrary script. The developer provides new patched releases for all versions since 3.7. Recommendations: For...

6.1CVSS5.6AI score0.01404EPSS
Exploits0References23
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.4 views

WordPress plugin th23 Social 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. th23 Socials plugin 1.2.0 and earlier versions of WordPress are vulnerable to a cross-site scripting...

4.8CVSS5.2AI score0.00577EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/04/17 12:0 a.m.10 views

PT-2022-13802 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions 3.6.0 through 3.6.2 Description: The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in t...

8.8CVSS8.7AI score0.92658EPSS
Exploits10References15
Positive Technologies
Positive Technologies
added 2021/11/17 12:0 a.m.13 views

PT-2021-23594 · WordPress · Wordpress Popular Posts

Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions up to and including 5.3.2 Description: The WordPress Popular Posts plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file. This makes it...

8.8CVSS9.7AI score0.79823EPSS
Exploits5References16
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted...

8.8CVSS8AI score0.82736EPSS
Exploits7References1
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.8 views

PT-2020-5742 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to insufficient access control in certain features of the WordPress content management system. This can be exploited by a remote attacker to impact data integrity. The proble...

9.8CVSS6.8AI score0.16119EPSS
Exploits1References45
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.8 views

PT-2020-5777 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to the is protected meta function in the wp-includes/meta.php component of the WordPress content management system. This function incorrectly determines the protection status...

9.8CVSS6.9AI score0.16119EPSS
Exploits1References47
CNVD
CNVD
added 2020/05/07 12:0 a.m.15 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2020-27082)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Search module in WordPress versions 5.2 through 5.4. The...

6.4CVSS6.3AI score0.01437EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2020/04/04 12:0 a.m.174 views

WordPress Hotel Booking System Pro 1.1 Cross Site Scripting

Exploit Title: WordPress Hotel Booking System Pro v1.1 XSS Vunlerability Google Dork:N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/online-hotel-booking-system-pro-wordpress-plugin/9338914 Version: 1.1 Tested on: 5.4.0-4parrot1-amd64...

Exploits0
OSV
OSV
added 2019/10/17 1:15 p.m.2 views

UBUNTU-CVE-2019-17674

WordPress before 5.2.4 is vulnerable to stored XSS cross-site scripting via the Customizer...

5.4CVSS7.3AI score0.01611EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/09/11 12:0 a.m.15 views

PT-2019-5224 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...

9.8CVSS6.7AI score0.4375EPSS
Exploits16References76
OSV
OSV
added 2019/02/20 3:29 a.m.8 views

DEBIAN-CVE-2019-8942

WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...

8.8CVSS8.5AI score0.82736EPSS
Exploits7References1
OSV
OSV
added 2018/12/14 8:29 p.m.2 views

DEBIAN-CVE-2018-20152

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input...

6.5CVSS6.9AI score0.0427EPSS
Exploits0References1
OSV
OSV
added 2018/12/14 8:29 p.m.3 views

DEBIAN-CVE-2018-20149

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data...

5.4CVSS6.9AI score0.03443EPSS
Exploits0References1
OSV
OSV
added 2018/12/14 8:29 p.m.2 views

UBUNTU-CVE-2018-20152

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input...

6.5CVSS7AI score0.0427EPSS
Exploits0References3
OSV
OSV
added 2018/09/06 12:29 p.m.5 views

DEBIAN-CVE-2017-1000600

WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...

8.8CVSS8.9AI score0.03798EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/04 12:0 a.m.45 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-38267)

WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system CMS. A cross-site scripting vulnerability exists in WordPress before 4.9.1. The vulnerability...

5.4CVSS6.2AI score0.04132EPSS
Exploits0References1
Rows per page
Query Builder