Lucene search
+L

40 matches found

Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.11 views

PT-2025-4402 · Tarak Patel · Wp Query Creator

Name of the Vulnerable Software and Affected Versions: Tarak Patel WP Query Creator versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject maliciou...

7.1CVSS8.9AI score0.00246EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/01/18 12:0 a.m.8 views

WordPress WP Query Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WP Query Creator versions = 1.0...

7.1CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/01/16 9:15 p.m.19 views

CVE-2025-23926

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Ajax WP Query Search Filter ajax-wp-query-search-filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through = 1.0.7...

6.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2025/01/16 8:7 p.m.57 views

CVE-2025-23926

CVE-2025-23926 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Ajax WP Query Search Filter (versions up to 1.0.7). The issue arises from improper neutralization of user input during web page generation. Public data in the initial record show a CVSS v3.1 base sc...

6.5CVSS7.2AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/16 8:7 p.m.10 views

CVE-2025-23926 WordPress Ajax WP Query Search Filter plugin <= 1.0.7 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Ajax WP Query Search Filter ajax-wp-query-search-filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through = 1.0.7...

6.5CVSS7.2AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/16 8:7 p.m.28 views

CVE-2025-23926 WordPress Ajax WP Query Search Filter plugin <= 1.0.7 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TC.K Ajax WP Query Search Filter ajax-wp-query-search-filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through = 1.0.7...

6.5CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added 2024/10/28 12:15 p.m.6 views

CVE-2024-50498

Improper Control of Generation of Code 'Code Injection' vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0...

9.8CVSS5.8AI score0.5364EPSS
Exploits4References2
NVD
NVD
added 2024/10/28 12:15 p.m.37 views

CVE-2024-50498

Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...

10CVSS0.5364EPSS
Exploits4References2
Vulnrichment
Vulnrichment
added 2024/10/28 11:24 a.m.20 views

CVE-2024-50498 WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...

10CVSS7.4AI score0.5364EPSS
Exploits4References1
Cvelist
Cvelist
added 2024/10/28 11:24 a.m.43 views

CVE-2024-50498 WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Ajit Bohra WP Query Console wp-query-console allows Code Injection.This issue affects WP Query Console: from n/a through = 1.0...

10CVSS0.5364EPSS
Exploits4References1
CVE
CVE
added 2024/10/28 11:24 a.m.120 views

CVE-2024-50498

Summary of CVE-2024-50498: The WordPress plugin WP Query Console ≤ 1.0 is vulnerable to an unauthenticated Remote Code Execution due to improper control of code generation, enabling arbitrary PHP execution via a crafted REST request (example: POST to /wp-json/wqc/v1/query with {"queryArgs":"phpin...

10CVSS7.4AI score0.5364EPSS
In wildExploits4References2Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.24 views

WordPress WP Query Console Plugin <= 1.0 is vulnerable to Remote Code Execution (RCE)

Software WP Query Console Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-50498 Patch priority High CVSS severity High 10 Developer Claim ownership PSID af5ddac5f157 Credits stealthcopter Required privilege...

10CVSS7.6AI score0.5364EPSS
Exploits4References1Affected Software1
OSV
OSV
added 2023/12/18 8:15 p.m.5 views

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

7.2CVSS5.9AI score0.01151EPSS
Exploits2References1
NVD
NVD
added 2023/04/23 11:15 a.m.23 views

CVE-2023-23832

Auth. contributor+ Cross-Site Scripting XSS vulnerability in TC Ultimate WP Query Search Filter plugin = 1.0.10 versions...

6.5CVSS6AI score0.00361EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/23 10:6 a.m.4 views

CVE-2023-23832 WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Cross-Site Scripting XSS vulnerability in TC Ultimate WP Query Search Filter plugin = 1.0.10 versions...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1
CVE
CVE
added 2023/04/23 10:6 a.m.42 views

CVE-2023-23832

CVE-2023-23832: A Cross-Site Scripting (XSS) vulnerability in the WordPress plugin TC Ultimate WP Query Search Filter affects versions

6.5CVSS5.4AI score0.00361EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.2 views

WordPress plugin Ultimate WP Query Search Filter 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:49 a.m.4 views

SUSE CVE-2017-5611

SQL injection vulnerability in wp-includes/class-wp-query.php in WPQuery in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name...

9.8CVSS9.8AI score0.09933EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/02/15 12:0 a.m.17 views

WordPress Ultimate WP Query Search Filter Plugin <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate WP Query Search Filter Type Plugin Vulnerable versions = 1.0.10 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23832 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 990a4164b91e Credits István...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/06 12:0 a.m.7 views

PT-2022-7031

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.8.3 WordPress versions 3.7.37 and earlier Description The issue is related to improper sanitization in the WP Query function of the WordPress content management system, which can lead to SQL injection through...

8.8CVSS7.5AI score0.97795EPSS
Exploits15References63
Rows per page
Query Builder