Lucene search
K

170 matches found

Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.3 views

PT-2025-39012

Name of the Vulnerable Software and Affected Versions RIS Version Switcher versions through 1.0 Description A Cross-Site Request Forgery CSRF issue exists in RIS Version Switcher – Downgrade or Upgrade WP Versions Easily. This allows attackers to perform actions on behalf of an authenticated user...

6.5CVSS6.3AI score0.00187EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/04 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2011-3818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an...

5CVSS5.9AI score0.02269EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-20152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. CVE-2018-20152 Note that Nessus reli...

6.5CVSS7.4AI score0.04214EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-28037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - isbloginstalled in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attack...

9.8CVSS8.8AI score0.0774EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-9062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. CVE-2017-9062 Note that Nessus relies on the presence of the...

8.6CVSS7.7AI score0.01775EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-20150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. CVE-2018-20150 Note that Nessus relies o...

6.1CVSS6.9AI score0.05052EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2019-16222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 has an issue with URL sanitization in wpksesbadprotocolonce in wp- includes/kses.php that can lead to cross-site scripting XSS attacks...

6.1CVSS6.6AI score0.02198EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-38000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Auth. Stored contributor+ Cross-Site Scripting XSS vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0...

6.5CVSS6.4AI score0.00788EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-39999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through...

4.3CVSS5.5AI score0.01045EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/08/16 12:0 a.m.12 views

WordPress Soledad Theme <= 8.6.7 is vulnerable to Local File Inclusion

Software Soledad Type Theme Vulnerable versions = 8.6.7 Fixed in 8.6.8 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-8142 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID e6e0ba39a319 Credits stealthcopter Required privilege Contributor Publish...

8.8CVSS7.2AI score0.00469EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/26 12:0 a.m.5 views

PT-2025-30947 · WordPress · Geodirectory – Wp Business Directory Plugin +1

Name of the Vulnerable Software and Affected Versions: GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress versions prior to 2.8.98 Description: The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is...

7.5CVSS7.3AI score0.00436EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.5 views

WordPress plugin Ebook Store 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.4CVSS5.8AI score0.0022EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/07/18 12:30 p.m.5 views

WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin LeadBI Plugin for WordPress versions = 1.7...

6.5CVSS6.1AI score0.00191EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/07/16 12:15 p.m.5 views

CVE-2025-46500

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ValvePress Wordpress Auto Spinner wp-auto-spinner allows Reflected XSS.This issue affects Wordpress Auto Spinner: from n/a through = 3.26.0...

7.1CVSS0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.5 views

WordPress plugin Electrician - Electrical Service WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Electrician - Electrical...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.5 views

PT-2025-26209 · WordPress · Football-Pool

Name of the Vulnerable Software and Affected Versions: Football Pool plugin for WordPress versions up to, and including, 2.12.4 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.4 views

WordPress plugin Slim SEO SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.6CVSS7.8AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.6 views

PT-2025-24041 · WordPress · Wp-Addpub

Name of the Vulnerable Software and Affected Versions: WP-Addpub plugin for WordPress versions 1.2.8 and earlier Description: The issue allows authenticated attackers with Contributor-level access or higher to inject SQL queries via the 'wp-addpub' shortcode. This is due to insufficient escaping ...

6.5CVSS6.4AI score0.00295EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.7 views

CVE-2024-0602

The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00516EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:0 a.m.21 views

CVE-2024-6754

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpwautoposterupdatetweettemplate’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS6.2AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder