Lucene search
K

470 matches found

Nuclei
Nuclei
added yesterday45 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.4AI score0.03419EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday131 views

Advanced Custom Fields < 6.1.6 - Cross-Site Scripting

Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the poststatus parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

7.1CVSS6.8AI score0.38768EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday64 views

Popup by Supsystic <1.10.5 - Cross-Site scripting

WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue. id: CVE-2021-24275 info: name: Popup by Supsystic 1.10.5 - Cross-Site scripting author: dhiyaneshDK severity:...

6.1CVSS6.3AI score0.18165EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday141 views

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5CVSS6.9AI score0.64603EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday41 views

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors. id: CVE-2020-8615 info: name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Reque...

6.5CVSS6.6AI score0.0883EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday48 views

Advanced Text Widget < 2.0.2 - Cross-Site Scripting

A cross-site scripting XSS vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4618 info: name: Advanced Text Widget 2.0.2 - Cross-Site Scripting author:...

4.3CVSS6.2AI score0.10083EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

6.1CVSS6.5AI score0.03796EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday71 views

WordPress Canto 1.3.0 - Blind Server-Side Request Forgery

WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative...

5.3CVSS6.3AI score0.27771EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday44 views

WordPress Church Admin <0.810 - Cross-Site Scripting

WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/churchadmin-registration-form/. id: CVE-2015-4127 info: name: WordPress Church Admin 0.810 - Cross-Site Scripting author: daffainfo severity...

4.3CVSS6.2AI score0.07495EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday24 views

WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. id: CVE-2014-4577 info: name: WP AmASIN – The Amazon Affiliate Shop -...

5CVSS7.2AI score0.03749EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday69 views

WordPress Candidate Application Form <= 1.3 - Local File Inclusion

WordPress Candidate Application Form = 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form = 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...

7.5CVSS7.1AI score0.08833EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday24 views

WordPress StageShow <5.0.9 - Open Redirect

WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshowredirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. id: CVE-2015-5461 info: name:...

6.4CVSS6.2AI score0.06283EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday29 views

WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval

WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file. id: CVE-2015-4694 info: name: WordPress Zip Attachments = 1.1.4 - Arbitrary File Retrieval author: 0xAkoko severity: high description: WordPress zip-attachments plugin...

8.6CVSS7.1AI score0.15646EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday53 views

WordPress DB Backup <=4.5 - Local File Inclusion

WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. id:...

5CVSS7AI score0.16117EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday47 views

NewStatPress <=1.0.4 - Cross-Site Scripting

WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nspsearch.php", several variables from the $GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the output...

6.1CVSS6.3AI score0.01879EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday30 views

WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal

WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in downloadaudio.php that allows remote attackers to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2015-4414 info: name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversa...

5CVSS7.1AI score0.18958EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday44 views

WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting

WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability. id: CVE-2015-6920 info: name: WordPress sourceAFRICA =0.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting...

4.3CVSS6AI score0.0384EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday26 views

Shortcode Ninja <= 1.4 - Cross-Site Scripting

A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. id: CVE-2014-4550 info: name: Shortcode Ninja = 1.4 - Cross-Site Scripting...

6.1CVSS6.5AI score0.03884EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday39 views

WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting

A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. id: CVE-2013-4117 info: name: WordPress Plugin Category Grid View Gallery 2.3.1 -...

4.3CVSS6.2AI score0.12974EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday59 views

WordPress Sniplets 1.1.2 - Local File Inclusion

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. id: CVE-2008-1059 info: name: WordPress Sniplets 1.1.2 - Local File Inclusion autho...

7.5CVSS6.3AI score0.48329EPSS
Exploits2References5
Rows per page
Query Builder