Lucene search
K

170 matches found

RedhatCVE
RedhatCVE
added 2025/05/09 2:19 a.m.10 views

CVE-2025-4335

The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the savemultipleshippingaddresses function. This makes it possible for...

8.8CVSS6.6AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.8 views

PT-2025-19871 · WordPress · Pgs Core

Name of the Vulnerable Software and Affected Versions: PGS Core plugin for WordPress versions up to, and including, 5.8.0 Description: The issue concerns PHP Object Injection via deserialization of untrusted input in the import header function, allowing unauthenticated attackers to inject a PHP...

9.8CVSS9.8AI score0.00548EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/05/03 12:0 a.m.3 views

PT-2025-18928 · WordPress · Personizely

Name of the Vulnerable Software and Affected Versions: Personizely plugin for WordPress versions up to, and including, 0.10 Description: The issue is related to Stored Cross-Site Scripting via the widgetId parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.3AI score0.00255EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/02 12:0 a.m.6 views

PT-2025-18756 · WordPress · Homey

Name of the Vulnerable Software and Affected Versions: Homey theme for WordPress versions up to, and including, 2.4.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to delete other users' accounts due to missing validation on a user-controlled key in...

4.3CVSS5.4AI score0.002EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.5 views

PT-2025-18358 · WordPress · Projectopia

Name of the Vulnerable Software and Affected Versions: The Projectopia – WordPress Project Management plugin for WordPress versions up to, and including, 5.1.16 Description: The issue allows unauthorized modification of data, potentially leading to a denial of service. This is due to a missing...

8.1CVSS8.3AI score0.00361EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.6 views

PT-2025-18138 · WordPress · Gutenverse

Name of the Vulnerable Software and Affected Versions: Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's countdown Block due to insufficien...

6.4CVSS6.4AI score0.00231EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/04/24 12:0 a.m.3 views

WordPress plugin Arrival 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

7.5CVSS7.8AI score0.0056EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/12 8:12 a.m.26 views

CVE-2024-10894

The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS6AI score0.0029EPSS
Exploits0References1
CVE
CVE
added 2025/04/05 5:32 a.m.68 views

CVE-2025-0839

CVE-2025-0839 concerns ZoomSounds — WordPress Wave Audio Player with Playlist. The vulnerability is a Stored Cross-Site Scripting (XSS) in the ZoomSounds plugin, affecting versions up to and including 6.91, caused by insufficient input sanitization and output escaping on user-supplied shortcode a...

6.4CVSS5.7AI score0.00211EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/03 4:34 p.m.18 views

CVE-2025-31871

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Phishing.This issue affects WP Clone any post type: from n/a through = 3.6...

4.7CVSS7.2AI score0.00336EPSS
Exploits0References1
NVD
NVD
added 2025/04/01 3:16 p.m.31 views

CVE-2025-31871

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Galaxy Weblinks WP Clone any post type wp-clone-any-post-type allows Phishing.This issue affects WP Clone any post type: from n/a through = 3.6...

4.7CVSS0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/28 11:54 a.m.19 views

CVE-2025-31448 WordPress Simple Trackback Disabler plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in misteraon Simple Trackback Disabler simple-trackback-disabler allows Cross Site Request Forgery.This issue affects Simple Trackback Disabler: from n/a through = 1.4...

5.4CVSS0.00145EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 11:22 a.m.66 views

CVE-2024-13411

CVE-2024-13411 pertains to the Zapier for WordPress plugin for WordPress, with SSRF vulnerability in all versions up to 1.5.1 via the updated_user() function. The issue allows authenticated attackers with Subscriber-level access or higher to cause the WordPress application to perform web requests...

6.4CVSS6.6AI score0.00292EPSS
Exploits0References6
CVE
CVE
added 2025/03/22 4:22 a.m.70 views

CVE-2025-0723

CVE-2025-0723 (ProfileGrid – WordPress) discloses a blind/time-based SQL Injection in the ProfileGrid plugin (versions ≤ 5.9.4.7) via the rid and search parameters caused by insufficient escaping and SQL prep. The vulnerability permits authenticated users with Subscriber-level access and higher t...

6.5CVSS6.8AI score0.00351EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/03/20 7:29 a.m.138 views

CVE-2025-2505

The CVE-2025-2505 entry concerns the WordPress Age Gate plugin, affected versions up to and including 3.5.3. A local PHP file inclusion via the lang parameter allows unauthenticated attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls and expos...

9.8CVSS9.9AI score0.01229EPSS
Exploits0References3
CVE
CVE
added 2025/03/15 3:23 a.m.69 views

CVE-2025-2164

CVE-2025-2164 affects the WordPress plugin pixelstats (

6.1CVSS6.4AI score0.00304EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/03/15 12:0 a.m.4 views

WordPress plugin WPSchoolPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

6.5CVSS9.2AI score0.00347EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/14 7:23 a.m.6 views

CVE-2024-13407 Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure

The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above,...

4.3CVSS4.5AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/01 7:24 a.m.15 views

CVE-2024-13806 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

6.5CVSS0.00344EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/24 3:11 p.m.3 views

WordPress Google Maps for WordPress plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Google Maps for WordPress versions = 1.0.3...

6.5CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Rows per page
Query Builder