Lucene search
+L

183 matches found

Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.6 views

PT-2024-39371 · Wpzoom · Wpzoom Shortcodes

Name of the Vulnerable Software and Affected Versions: WPZOOM Shortcodes plugin for WordPress versions up to, and including, 1.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS6.2AI score0.00342EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.3 views

WordPress plugin WPZOOM Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/09/24 12:48 p.m.4 views

WordPress WPZOOM Shortcodes plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WPZOOM Shortcodes versions = 1.0.5...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/24 12:0 a.m.18 views

WordPress WPZOOM Shortcodes Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software WPZOOM Shortcodes Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9027 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 023d928af205 Credits Peter Thaleikis Required...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/09/02 3:46 a.m.5 views

WordPress WPZOOM Portfolio Lite plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin WPZOOM Portfolio versions = 1.4.4...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/02 12:0 a.m.15 views

WordPress WPZOOM Portfolio Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software WPZOOM Portfolio Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8276 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5e6e6f313600 Credits Francesco Carlucci...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/31 8:15 a.m.5 views

CVE-2024-8276

The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...

5.4CVSS5.9AI score0.00352EPSS
Exploits0References4
CVE
CVE
added 2024/08/31 7:36 a.m.50 views

CVE-2024-8276

CVE-2024-8276 (WPZOOM Portfolio Lite – Filterable Portfolio Plugin) affects WordPress WPZOOM Portfolio Lite. It allows Stored XSS via the align attribute in the wp:wpzoom-blocks Gutenberg block for all versions up to 1.4.4, caused by insufficient input sanitization and output escaping. Exploitati...

6.4CVSS5.5AI score0.00352EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/08/31 7:36 a.m.27 views

CVE-2024-8276 WPZOOM Portfolio Lite – Filterable Portfolio Plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping...

6.4CVSS0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/31 12:0 a.m.5 views

WordPress plugin WPZOOM Portfolio Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.9AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/31 12:0 a.m.9 views

PT-2024-38906 · Wpzoom · Wpzoom Portfolio Lite – Filterable Portfolio Plugin

Name of the Vulnerable Software and Affected Versions: WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Stored Cross-Site Scripting via the align attribute within the 'wp:wpzoom-blocks' Gutenberg blo...

6.4CVSS5.9AI score0.00352EPSS
Exploits0References10
NVD
NVD
added 2024/07/09 12:15 p.m.20 views

CVE-2024-37464

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...

4.9CVSS0.00864EPSS
Exploits0References1
OSV
OSV
added 2024/07/09 12:15 p.m.5 views

CVE-2024-37464

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...

4.9CVSS5.8AI score0.00864EPSS
Exploits0References1
CVE
CVE
added 2024/07/09 11:45 a.m.58 views

CVE-2024-37464

CVE-2024-37464 corresponds to an authenticated Local File Inclusion (path traversal) in Beaver Builder Addons by WPZOOM. Public sources in Connected Documents report that affected software is Beaver Builder Addons by WPZOOM, with versions from n/a through 1.3.5, and that the issue enables local f...

4.9CVSS5.5AI score0.00864EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/09 11:45 a.m.10 views

CVE-2024-37464 WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...

4.9CVSS6.8AI score0.00864EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 11:45 a.m.27 views

CVE-2024-37464 WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Path Traversal.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.5...

4.9CVSS0.00864EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.4 views

WordPress plugin Beaver Builder Addons by WPZOOM Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

4.9CVSS6.8AI score0.00864EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/01 12:1 p.m.6 views

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.5...

4.9CVSS7AI score0.00864EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/01 12:0 a.m.18 views

WordPress Beaver Builder Addons by WPZOOM Plugin <= 1.3.5 is vulnerable to Local File Inclusion

Software Beaver Builder Addons by WPZOOM Type Plugin Vulnerable versions = 1.3.5 Fixed in 1.3.6 OWASP Top 10 A5: Security Misconfiguration Classification Local File Inclusion CVE CVE-2024-37464 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID d25d4ebd9af1 Credits João Pedro...

4.9CVSS6.6AI score0.00864EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/06/20 4:15 a.m.6 views

CVE-2024-5686

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes ...

5.4CVSS5.9AI score0.00352EPSS
Exploits0References3
Rows per page
Query Builder