Lucene search
K

63 matches found

Vulnrichment
Vulnrichment
added 2025/02/28 8:23 a.m.8 views

CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...

8.8CVSS8.8AI score0.00378EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/14 4:25 a.m.9 views

CVE-2024-13653

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...

8.8CVSS7.3AI score0.005EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/07 4:21 p.m.40 views

CVE-2024-7425 WP All Export Pro <= 1.9.1 - Authenticated (ShopManager+) Arbtirary Options Update

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop...

6.8CVSS0.00392EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 1:28 a.m.5 views

CVE-2024-11725

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings function in all versions up to, and including, 3.7.6. This makes it...

8.8CVSS7.1AI score0.00503EPSS
Exploits0References1
CVE
CVE
added 2025/01/26 11:9 a.m.58 views

CVE-2024-11936

CVE-2024-11936 (Zox News, WordPress) : The Zox News theme (versions

8.8CVSS8.8AI score0.0036EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/01/16 6:42 p.m.4 views

WordPress Site Launcher Plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Site Launcher versions = 0.9.4...

7.1CVSS6.1AI score0.00363EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/01/13 1:11 p.m.23 views

CVE-2025-22576 WordPress Site PIN Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus Downing Site PIN site-pin allows Reflected XSS.This issue affects Site PIN: from n/a through = 1.3...

7.1CVSS0.00303EPSS
Exploits0References1
CVE
CVE
added 2025/01/13 1:11 p.m.30 views

CVE-2025-22576

CVE-2025-22576 is a Reflected XSS in the WordPress plugin/site "Site PIN" (by Marcus Downing), affecting version up to 1.3. The issue stems from improper input neutralization during web page generation. As per the provided sources, the CVE-ID and vulnerability type are confirmed, with a CVSSv3.1 ...

7.1CVSS7.2AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2025/01/07 7:15 a.m.11 views

CVE-2024-11725

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings function in all versions up to, and including, 3.7.6. This makes it...

8.8CVSS0.00503EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/01/07 6:40 a.m.9 views

CVE-2024-11725 SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings function in all versions up to, and including, 3.7.6. This makes it...

8.8CVSS8.7AI score0.00503EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.11 views

PT-2024-12732 · Unknown · Instant Css

Name of the Vulnerable Software and Affected Versions: Instant CSS versions 1.1.4 and earlier Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. This is a broken access control issue that can be exploited by...

5.4CVSS9.4AI score0.00434EPSS
Exploits0References9
NVD
NVD
added 2024/07/04 1:15 a.m.40 views

CVE-2024-38344

A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintende...

5.4CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2024/07/04 12:19 a.m.34 views

CVE-2024-38345

CVE-2024-38345 describes a cross-site request forgery (CSRF) in Sola Testimonials for WordPress prior to 3.0.0. The vulnerability could allow a logged-in user on a WordPress site with the affected plugin enabled to access a malicious page and perform unintended actions. The CVSS vector (AV:N/AC:L...

8.1CVSS6.8AI score0.00252EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/04 12:18 a.m.38 views

CVE-2024-38344

A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintende...

0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/03 6:51 a.m.34 views

CVE-2024-35642 WordPress Site Favicon plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2...

5.9CVSS6.1AI score0.00259EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/05/30 12:0 a.m.10 views

WordPress Site Favicon Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Software Site Favicon Type Plugin Vulnerable versions = 0.2 Fixed in 0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35642 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 793a8085c766 Credits Cronus Required privilege Administrator...

5.9CVSS6.6AI score0.00259EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/05/29 8:8 a.m.5 views

WordPress Site Reviews plugin < 7.0.0 - IP Spoofing vulnerability

IP Spoofing vulnerability discovered by Sławomir Zakrzewski, Maksymilian Kubiak AFINE in WordPress Plugin Site Reviews versions 7.0.0...

9.1CVSS6.9AI score0.00565EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/04/17 12:15 p.m.4 views

CVE-2024-3333

The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets in all versions up to, and including, 5.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00402EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/19 4:6 p.m.10 views

CVE-2024-29095 WordPress Site Reviews plugin <= 6.11.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gemini Labs Site Reviews site-reviews.This issue affects Site Reviews: from n/a through = 6.11.6...

5.9CVSS7.2AI score0.00325EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/15 12:0 a.m.9 views

WordPress Site Reviews Plugin <= 6.11.6 is vulnerable to Cross Site Scripting (XSS)

Software Site Reviews Type Plugin Vulnerable versions = 6.11.6 Fixed in 6.11.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29095 Patch priority Low CVSS severity Low 5.9 Developer Gemini Labs PSID ea55e6cb50a9 Credits isacaya Required privilege Author Published...

5.9CVSS6.6AI score0.00325EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder