Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-51267

Malicious code in bioql PyPI...

6.1CVSS8.7AI score0.00292EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/13 9:18 a.m.4 views

CVE-2025-0180

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on...

9.8CVSS7.1AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/12 7:29 p.m.4 views

CVE-2024-13010

The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'searchtype' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS7.4AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/12 7:26 p.m.4 views

CVE-2024-13011

The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'uploadpublisherprofileimage' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...

9.8CVSS9.8AI score0.00851EPSS
Exploits0References1
NVD
NVD
added 2025/02/11 7:15 a.m.4 views

CVE-2025-0181

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possibl...

9.8CVSS0.00596EPSS
Exploits0References2
CVE
CVE
added 2025/02/11 6:54 a.m.58 views

CVE-2025-0181

CVE-2025-0181 affects WP Foodbakery (WordPress) up to version 4.7. It enables unauthenticated privilege escalation via foodbakery_parse_request by bypassing identity validation, potentially leading to an administrator account takeover. The related feeds indicate the issue has been patched; exact ...

9.8CVSS7.2AI score0.00596EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/11 6:54 a.m.11 views

CVE-2025-0181 WP Foodbakery <= 4.8 - Authentication Bypass in foodbakery_parse_request

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possibl...

9.8CVSS0.00596EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/11 6:54 a.m.11 views

CVE-2025-0180 WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on...

9.8CVSS0.00503EPSS
Exploits0References2
CVE
CVE
added 2025/02/11 6:54 a.m.60 views

CVE-2025-0180

CVE-2025-0180 affects WP Foodbakery (WordPress)

9.8CVSS7.1AI score0.00503EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 6:54 a.m.3 views

CVE-2025-0180 WP Foodbakery <= 4.7 - Unauthenticated Privilege Escalation in foodbakery_registration_validation

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on...

9.8CVSS9.8AI score0.00503EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/10 6:42 p.m.5 views

CVE-2024-13010 WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting

The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'searchtype' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS7.4AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/10 6:42 p.m.10 views

CVE-2024-13010 WP Foodbakery <= 4.8 - Reflected Cross-Site Scripting

The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on the 'searchtype' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

6.1CVSS0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/10 6:42 p.m.11 views

CVE-2024-13011 WP Foodbakery <= 4.7 - Unauthenticated Arbitrary File Upload

The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'uploadpublisherprofileimage' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...

9.8CVSS0.00851EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/07/06 11:3 a.m.22 views

CVE-2021-24389 FoodBakery < 2.2 - Reflected Cross-Site Scripting (XSS)

The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakeryradius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability...

6.2AI score0.04348EPSS
Exploits2References1
CVE
CVE
added 2021/07/06 11:3 a.m.97 views

CVE-2021-24389

CVE-2021-24389 : WordPress WP FoodBakery plugin (pre-2.2) used with FoodBakery theme (pre-2.2) contains an unauthenticated reflected XSS in the foodbakery_radius parameter, which is not properly sanitized before echoed in the response. Impact stated: potential for injection of malicious scripts l...

6.1CVSS6.1AI score0.04348EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder