Lucene search
K

65 matches found

Cvelist
Cvelist
added 2024/03/17 4:14 p.m.31 views

CVE-2024-25591 WordPress WP Editor plugin <=1.2.7 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7...

5.3CVSS5.5AI score0.00453EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/17 12:0 a.m.8 views

PT-2024-21021 · WordPress · Benjamin Rojas Wp Editor

Name of the Vulnerable Software and Affected Versions: Benjamin Rojas WP Editor versions 1.2.7 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not ha...

7.5CVSS9.2AI score0.00453EPSS
Exploits0References5
NVD
NVD
added 2024/01/16 4:15 p.m.17 views

CVE-2021-24151

The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...

7.2CVSS7.4AI score0.00771EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/16 3:48 p.m.27 views

CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection

The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...

7.6AI score0.00771EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:48 p.m.4 views

CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection

The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...

7.3AI score0.00771EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:48 p.m.40 views

CVE-2021-24151

Summary of CVE-2021-24151 : The WP Editor WordPress plugin (versions before 1.2.7) contains an authenticated (admin+) blind SQL injection vulnerability in its settings save path caused by failure to sanitize/validate setting fields. This allows an arbitrary parameter to influence the SQL query du...

7.2CVSS7.3AI score0.00771EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/02/01 12:0 a.m.809 views

WP Editor < 1.2.7 - Authenticated SQL injection

The plugin did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings. https://drive.google.com/file/d/1KT4lHePmYuX36jvA4AEQ1MVDwJBlZOO/view?usp=sharing payload:...

2.5AI score0.00771EPSS
Exploits2
CNVD
CNVD
added 2019/10/12 12:0 a.m.3 views

WordPress wp-editor plugin permission license and access control issue vulnerability

WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A security vulnerability exists in WordPress wp-editor plugin versions prio...

9.8CVSS6.6AI score0.01999EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/16 12:0 a.m.4 views

WordPress wp-editor plugin cross-site request forgery vulnerability

WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A cross-site request forgery vulnerability exists in the WordPress wp-edito...

8.8CVSS6.7AI score0.0068EPSS
Exploits0References1
NVD
NVD
added 2019/08/14 4:15 p.m.16 views

CVE-2016-10885

The wp-editor plugin before 1.2.6 for WordPress has CSRF...

8.8CVSS8.8AI score0.0068EPSS
Exploits0References1
OSV
OSV
added 2019/08/14 4:15 p.m.4 views

CVE-2016-10886

The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions...

9.8CVSS5.8AI score0.01999EPSS
Exploits0References1
NVD
NVD
added 2019/08/14 4:15 p.m.19 views

CVE-2016-10886

The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions...

9.8CVSS9.6AI score0.01999EPSS
Exploits0References1
OSV
OSV
added 2019/08/14 4:15 p.m.1 views

CVE-2016-10885

The wp-editor plugin before 1.2.6 for WordPress has CSRF...

8.8CVSS5.8AI score0.0068EPSS
Exploits0References1
CVE
CVE
added 2019/08/14 3:25 p.m.55 views

CVE-2016-10885

The Red Hat and OpenVAS/Misc entries confirm a CSRF vulnerability in the WordPress wp-editor plugin prior to version 1.2.6. The flaw allows unauthorized requests from authenticated users to perform state-changing actions (CSRF) within wp-editor. Affected component: WordPress wp-editor plugin; vul...

8.8CVSS9.1AI score0.0068EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/14 3:25 p.m.50 views

CVE-2016-10886

The CVE-2016-10886 entry concerns the WordPress wp-editor plugin prior to version 1.2.6 with incorrect permissions. Connected sources (Red Hat, CNVD, OpenVAS, PRION, CVE/CVEList mirrors, WPScan) corroborate that the issue affects the wp-editor plugin for WordPress and is limited to versions befor...

9.8CVSS9.5AI score0.01999EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/14 12:0 a.m.4 views

PT-2019-7682 · WordPress · Wp Editor

Name of the Vulnerable Software and Affected Versions: wp-editor plugin versions prior to 1.2.6 Description: The issue is related to incorrect permissions in the wp-editor plugin for WordPress. Recommendations: For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue...

9.8CVSS9.3AI score0.01999EPSS
Exploits0References4
CNVD
CNVD
added 2019/08/14 12:0 a.m.2 views

WordPress wp-editor plugin cross-site scripting vulnerability

WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A cross-site scripting vulnerability exists in WordPress wp-editor plugin...

6.1CVSS6.2AI score0.0093EPSS
Exploits0References1
OSV
OSV
added 2019/08/12 3:15 p.m.3 views

CVE-2016-10877

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...

6.1CVSS5.8AI score0.0093EPSS
Exploits0References1
NVD
NVD
added 2019/08/12 3:15 p.m.21 views

CVE-2016-10877

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.0093EPSS
Exploits0References1
Prion
Prion
added 2019/08/12 3:15 p.m.10 views

Cross site scripting

The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues...

4.3CVSS6.4AI score0.0093EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder