
213680 matches found

Prion
added 2024/02/29 1:43 a.m. | 30 views

Cross site scripting

The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 3.2 | AI score 6.1 | EPSS 0.00516
Exploits: 1 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 36 views

Cross site scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...

CVSS 6.4 | AI score 6.4 | EPSS 0.00572
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 21 views

Design/Logic Flaw

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in...

CVSS 2.6 | AI score 7.2 | EPSS 0.00771
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 22 views

Cross site request forgery (csrf)

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the addtowishlist function. This makes it possible for unauthenticated attackers to add...

CVSS 4.3 | AI score 6.6 | EPSS 0.00224
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 27 views

Design/Logic Flaw

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible fo...

CVSS 4 | AI score 6.9 | EPSS 0.00308
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 22 views

Cross site scripting

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVSS 5.5 | AI score 6 | EPSS 0.00531
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 24 views

Design/Logic Flaw

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...

CVSS 4 | AI score 6.8 | EPSS 0.00538
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 20 views

Cross site scripting

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient input...

CVSS 5.5 | AI score 6 | EPSS 0.00445
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 27 views

Design/Logic Flaw

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up to, and...

CVSS 4 | AI score 6.8 | EPSS 0.00518
Exploits: 0 | References: 4

Prion
added 2024/02/29 1:43 a.m. | 30 views

Cross site request forgery (csrf)

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the removefromcompare function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 30 views

Cross site scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and outpu...

CVSS 5.5 | AI score 6 | EPSS 0.00446
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 27 views

Cross site scripting

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping...

CVSS 3.2 | AI score 6 | EPSS 0.00339
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 26 views

Default credentials

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata includin...

CVSS 5 | AI score 7 | EPSS 0.00486
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 33 views

Cross site request forgery (csrf)

The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctfautosavetokens function. This makes it possible for...

CVSS 4.3 | AI score 6.9 | EPSS 0.01007
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 31 views

Cross site scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5 | AI score 6 | EPSS 0.00406
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 23 views

Cross site scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...

CVSS 4.9 | AI score 6 | EPSS 0.00427
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 25 views

Design/Logic Flaw

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitreview' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with...

CVSS 5 | AI score 7.1 | EPSS 0.00409
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 19 views

Design/Logic Flaw

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppbremovesavedlayoutdata' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with...

CVSS 4 | AI score 6.8 | EPSS 0.00659
Exploits: 0 | References: 4

Prion
added 2024/02/29 1:43 a.m. | 24 views

Design/Logic Flaw

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

CVSS 4 | AI score 6.7 | EPSS 0.00372
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 17 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit h...

CVSS 5 | AI score 6.7 | EPSS 0.00714
Exploits: 1 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 36 views

Sql injection

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 6.5 | AI score 7.5 | EPSS 0.00714
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 38 views

Information disclosure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via REST API...

CVSS 5 | AI score 7.3 | EPSS 0.00461
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 23 views

Cross site request forgery (csrf)

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove...

CVSS 4.3 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 23 views

Cross site scripting

The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 3.2 | AI score 6 | EPSS 0.00491
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 24 views

Default credentials

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...

CVSS 5 | AI score 6.8 | EPSS 0.00486
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 16 views

Design/Logic Flaw

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wprupdateformactionmeta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update...

CVSS 5 | AI score 7 | EPSS 0.00225
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 26 views

Cross site scripting

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

CVSS 5.5 | AI score 6 | EPSS 0.00581
Exploits: 0 | References: 4

Prion
added 2024/02/29 1:43 a.m. | 27 views

Cross site scripting

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...

CVSS 5.5 | AI score 6.4 | EPSS 0.00372
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 23 views

Design/Logic Flaw

A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerabilit...

CVSS 5 | AI score 7.3 | EPSS 0.00826
Exploits: 0 | References: 1

Prion
added 2024/02/29 1:43 a.m. | 44 views

Design/Logic Flaw

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restorerecords function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVSS 5 | AI score 7 | EPSS 0.00598
Exploits: 0 | References: 7

Prion
added 2024/02/29 1:43 a.m. | 24 views

Cross site scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization...

CVSS 5.5 | AI score 6 | EPSS 0.00469
Exploits: 0 | References: 4

Prion
added 2024/02/29 1:43 a.m. | 31 views

Cross site scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...

CVSS 5.5 | AI score 6.1 | EPSS 0.00483
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 23 views

Cross site request forgery (csrf)

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 6.6 | EPSS 0.00246
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 21 views

Cross site scripting

The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 5.5 | AI score 6.1 | EPSS 0.00439
Exploits: 0 | References: 4

Prion
added 2024/02/29 1:43 a.m. | 62 views

Design/Logic Flaw

A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...

CVSS 1.7 | AI score 7.2 | EPSS 0.00419
Exploits: 1 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 27 views

Design/Logic Flaw

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4 | AI score 6.7 | EPSS 0.00428
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 25 views

Cross site scripting

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 5.5 | AI score 6.1 | EPSS 0.00474
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 38 views

Authorization

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ OpenText Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6...

CVSS 3.3 | AI score 7.6 | EPSS 0.0019
Exploits: 0 | References: 1

Prion
added 2024/02/29 1:43 a.m. | 26 views

Cross site request forgery (csrf)

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modif...

CVSS 4.3 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 25 views

Sql injection

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched...

CVSS 6.5 | AI score 8 | EPSS 0.00755
Exploits: 1 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 19 views

Type confusion

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

AI score 6.2 | EPSS 0.00833
Exploits: 1 | References: 5

Prion
added 2024/02/29 1:43 a.m. | 28 views

Type confusion

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 6.3 | EPSS 0.02557
Exploits: 2 | References: 5

Prion
added 2024/02/29 1:43 a.m. | 22 views

Design/Logic Flaw

The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...

CVSS 5 | AI score 7.2 | EPSS 0.00461
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 66 views

Design/Logic Flaw

A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been...

CVSS 1.7 | AI score 7.3 | EPSS 0.00366
Exploits: 1 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 33 views

Design/Logic Flaw

The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the...

CVSS 5 | AI score 7.2 | EPSS 0.00461
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 15 views

Cross site scripting

The Cost of Goods Sold COGS: Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.8 | AI score 6.8 | EPSS 0.00397
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 23 views

Cross site scripting

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input...

CVSS 5.5 | AI score 6.1 | EPSS 0.00545
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 26 views

Cross site scripting

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

CVSS 5.5 | AI score 6 | EPSS 0.00481
Exploits: 0 | References: 5

Prion
added 2024/02/29 1:43 a.m. | 37 views

Cross site scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...

CVSS 5.5 | AI score 6.1 | EPSS 0.00598
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 31 views

Sql injection

The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5 | AI score 7.5 | EPSS 0.0074
Exploits: 0 | References: 7

Total number of security vulnerabilities: 213680