Lucene search
+L

85 matches found

vulnrichment
vulnrichment
added 2025/01/11 2:20 a.m.4 views

CVE-2024-12204 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it...

5.4CVSS6.7AI score0.00242EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/11 2:20 a.m.14 views

CVE-2024-12204 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it...

5.4CVSS0.00242EPSS
Exploits0References2
cve
cve
added 2025/01/11 2:20 a.m.34 views

CVE-2024-12627

CVE-2024-12627 - Coupon X: Discount Pop Up plugin (WordPress) is a PHP Object Injection vulnerability in versions up to 1.3.5, triggered by deserialization of untrusted input in the capture_email AJAX action. Authenticated attackers with Contributor-level access or higher can inject a PHP object....

7.5CVSS7.7AI score0.0054EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/11 2:20 a.m.12 views

CVE-2024-12627 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the captureemail AJAX action. This...

7.5CVSS0.0054EPSS
Exploits0References2
patchstack
patchstack
added 2025/01/10 9:1 p.m.7 views

WordPress Coupon X plugin <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection vulnerability

Missing Authorization to Authenticated Contributor+ PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin Coupon X versions = 1.3.5...

7.5CVSS7.3AI score0.0054EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2025/01/10 9:0 p.m.4 views

WordPress Coupon X plugin <= 1.3.5 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin Coupon X versions = 1.3.5...

5.4CVSS7AI score0.00242EPSS
Exploits0References1Affected Software1
mscve
mscve
added 2024/10/23 7:0 a.m.6 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

...

6.5CVSS6.9AI score0.00882EPSS
Exploits0
nessus
nessus
added 2024/10/23 12:0 a.m.19 views

CBL Mariner 2.0 Security Update: mysql (CVE-2024-21196)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21196 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions tha...

6.5CVSS6.8AI score0.00882EPSS
Exploits0References2
nessus
nessus
added 2024/10/17 12:0 a.m.32 views

Oracle MySQL Server 8.x < 8.4.3 (January 2025 CPU)

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the January 2024 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging Kerberos. Supported versions that are affected are 8.0.39 and prior,...

9.1CVSS6.4AI score0.17301EPSS
Exploits3References37
nessus
nessus
added 2024/10/17 12:0 a.m.40 views

Oracle MySQL Server 9.x < 9.1.0 (January 2025 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging Kerberos. Supported versions that are affected are 8.0.39 and...

9.1CVSS6.5AI score0.17301EPSS
Exploits2References38
osv
osv
added 2024/10/15 8:15 p.m.6 views

AZL-50460 CVE-2024-21196 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS7.3AI score0.00882EPSS
Exploits0References1
osv
osv
added 2024/10/15 8:15 p.m.4 views

UBUNTU-CVE-2024-21196

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5CVSS7.2AI score0.00882EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/06/24 12:29 p.m.18 views

CVE-2024-37109 WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7...

9.9CVSS7.4AI score0.00532EPSS
Exploits0References1
susecve
susecve
added 2023/10/31 2:29 a.m.1 views

SUSE CVE-2020-14870

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: X Plugin. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS6.5AI score0.02231EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.6 views

WordPress Plugin Brilliance 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.5AI score0.00979EPSS
Exploits1References6
nvd
nvd
added 2023/05/12 3:15 p.m.25 views

CVE-2023-23867

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1
osv
osv
added 2023/05/12 3:15 p.m.6 views

CVE-2023-23867

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...

5.4CVSS6.7AI score0.00361EPSS
Exploits0References1
prion
prion
added 2023/05/12 3:15 p.m.15 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...

4.9CVSS5.2AI score0.00361EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/05/12 2:39 p.m.8 views

CVE-2023-23867 WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1
f5
f5
added 2023/02/21 7:56 p.m.41 views

K63545041: Server component of Oracle MySQL vulnerabilities CVE-2017-3317, CVE-2017-3318, and CVE-2017-3319

Security Advisory Description CVE-2017-3317 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Logging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker...

4CVSS5.4AI score0.01346EPSS
Exploits0
Rows per page
Query Builder