213680 matches found

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access a...

CVSS 5.5, AI score 6, EPSS 0.00532
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Hardcoded credentials

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII...

CVSS 5, AI score 7, EPSS 0.00789
Exploits: 3, References: 5

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'flbuilderdatanodepreviewlink' and 'flbuilderdatasettingslinktarget' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This...

CVSS 4.9, AI score 6, EPSS 0.00399
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This...

CVSS 5.5, AI score 6, EPSS 0.00399
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mediaedit.php...

AI score 7.8, EPSS 0.00229
Exploits: 1, References: 1

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.5, AI score 6, EPSS 0.00427
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaecustomoverlayswitcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possib...

CVSS 5.5, AI score 6.1, EPSS 0.00501
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Design/Logic Flaw

The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin even when privately published...

CVSS 5, AI score 7.3, EPSS 0.00546
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Sql injection

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5, AI score 8.1, EPSS 0.89431
Exploits: 8, References: 6

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...

CVSS 3.6, AI score 6.3, EPSS 0.00382
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

CVSS 5.5, AI score 6.2, EPSS 0.01593
Exploits: 12, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 5.8, AI score 6.8, EPSS 0.00466
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Design/Logic Flaw

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with...

CVSS 4, AI score 6.7, EPSS 0.00585
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Directory traversal

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

CVSS 6.5, AI score 6.7, EPSS 0.06009
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

CVSS 5.5, AI score 6.1, EPSS 0.00413
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Design/Logic Flaw

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processreview' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...

CVSS 5, AI score 6.9, EPSS 0.00674
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible fo...

CVSS 5.5, AI score 5.9, EPSS 0.00613
Exploits: 0, References: 5

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVSS 5.8, AI score 6.6, EPSS 0.0048
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and...

CVSS 6.4, AI score 6.2, EPSS 0.00685
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVSS 5.5, AI score 6.1, EPSS 0.005
Exploits: 0, References: 4

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 3.2, AI score 6, EPSS 0.0053
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigationdots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.5, AI score 6, EPSS 0.00423
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVSS 5.5, AI score 6.2, EPSS 0.00392
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/articlekeywordsmain.php...

AI score 7.8, EPSS 0.00237
Exploits: 1, References: 1

Prion, added 2024/03/13 4:15 p.m.

Sql injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

CVSS 6.5, AI score 7.6, EPSS 0.03135
Exploits: 0, References: 3

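The two SQL injection entries above (Ultimate Member's 'sorting' parameter and Tutor LMS's time-based injection via questionid) share one root cause: a user-supplied value reaches $wpdb without a prepared statement, and in the ORDER BY case prepare() alone cannot help because it quotes values, not identifiers. The following is an added example written for this page, not code from either plugin or from the advisory source; the table name, function names and the "column:direction" sorting syntax are hypothetical.

```php
<?php
// Added example; hypothetical plugin table and handler names. Run inside WordPress.

// VULNERABLE: 'question_id' is interpolated unvalidated and 'sorting' is
// concatenated straight into ORDER BY. A payload such as
//   question_id = "1 AND SLEEP(5)"   or   sorting = "id,(SELECT SLEEP(5))"
// is executed as SQL, which is exactly what time-based injection exploits.
function example_get_answers_vulnerable( $question_id, $sorting ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_answers';
    $sql   = "SELECT id, body FROM {$table} WHERE question_id = {$question_id} ORDER BY {$sorting}";
    return $wpdb->get_results( $sql );
}

// HARDENED: the value is bound through prepare() with a typed placeholder,
// and the ORDER BY column and direction are picked from a whitelist rather
// than taken from the request. Wrapping the identifier in %s would not work:
// prepare() would emit ORDER BY 'votes', which sorts by a constant string.
function example_get_answers_safe( $question_id, $sorting ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_answers';

    $allowed_columns = array( 'created_at', 'votes', 'id' );
    $allowed_dirs    = array( 'ASC', 'DESC' );

    // Accept "column" or "column:dir"; anything unknown falls back to a safe default.
    $parts  = explode( ':', (string) $sorting, 2 );
    $column = in_array( $parts[0], $allowed_columns, true ) ? $parts[0] : 'created_at';
    $dir    = ( isset( $parts[1] ) && in_array( strtoupper( $parts[1] ), $allowed_dirs, true ) )
        ? strtoupper( $parts[1] )
        : 'DESC';

    // Identifiers are now trusted constants, so only the integer value is bound.
    $sql = $wpdb->prepare(
        "SELECT id, body FROM {$table} WHERE question_id = %d ORDER BY {$column} {$dir}",
        absint( $question_id )
    );
    return $wpdb->get_results( $sql );
}
```

The whitelist approach is the one that works on every supported WordPress version; WordPress 6.2 and later also offer the `%i` identifier placeholder in `$wpdb->prepare()`, which backtick-quotes a column name, but it still has to be combined with validation of the direction keyword.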
Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file...

AI score 6.3, EPSS 0.00472
Exploits: 1, References: 1

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and outpu...

CVSS 6.5, AI score 6, EPSS 0.00549
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site request forgery (csrf)

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke...

CVSS 4.3, AI score 6.7, EPSS 0.00303
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings'titletags' parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.5, AI score 6, EPSS 0.00532
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Design/Logic Flaw

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

CVSS 4, AI score 6.8, EPSS 0.00575
Exploits: 0, References: 4

Prion, added 2024/03/13 4:15 p.m.

Privilege escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

CVSS 7.5, AI score 7.6, EPSS 0.01712
Exploits: 1, References: 3

Prion, added 2024/03/13 4:15 p.m.

Authorization

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log...

CVSS 5, AI score 7.2, EPSS 0.50192
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...

CVSS 6, AI score 6.9, EPSS 0.00419
Exploits: 0, References: 1

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to insufficient...

CVSS 5.5, AI score 6.1, EPSS 0.00443
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and abov...

CVSS 5.5, AI score 6, EPSS 0.00551
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Design/Logic Flaw

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...

CVSS 5, AI score 7, EPSS 0.00445
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Deserialization of untrusted data

The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor...

CVSS 4.6, AI score 7.4, EPSS 0.01021
Exploits: 0, References: 4

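The PHP Object Injection entry above describes unserialize() being fed a shortcode attribute that a contributor controls. The following is an added example for this page, not Logo Showcase Ultimate's code; the [example_logos] shortcode, its settings attribute and the function names are hypothetical. It shows the vulnerable pattern, the JSON replacement, and the PHP 7.0+ option that neutralises objects when legacy serialized data still has to be read.

```php
<?php
// Added example; hypothetical shortcode that carries its settings in an attribute.

// VULNERABLE: unserialize() on attacker-controlled data instantiates any class
// that is loadable at that point. A class whose __wakeup() or __destruct()
// writes files or runs callbacks turns a contributor's post into a gadget chain.
function example_logo_settings_vulnerable( $atts ) {
    $atts     = shortcode_atts( array( 'settings' => '' ), $atts, 'example_logos' );
    $settings = unserialize( base64_decode( $atts['settings'] ) );
    return is_array( $settings ) ? count( $settings ) . ' logos' : '';
}

// HARDENED: carry structured data in a format that cannot encode objects and
// validate its shape instead of trusting whatever arrived.
function example_logo_settings_safe( $atts ) {
    $atts     = shortcode_atts( array( 'settings' => '' ), $atts, 'example_logos' );
    $settings = json_decode( $atts['settings'], true ); // true = arrays only, never objects
    if ( ! is_array( $settings ) ) {
        return '';
    }
    $logos = ( isset( $settings['logos'] ) && is_array( $settings['logos'] ) ) ? $settings['logos'] : array();
    return count( $logos ) . ' logos';
}
add_shortcode( 'example_logos', 'example_logo_settings_safe' );

// If serialized blobs written by an older version must still be read, forbid
// object instantiation: with allowed_classes => false (PHP 7.0+) every serialized
// object becomes __PHP_Incomplete_Class, so no real class's magic methods run.
function example_unserialize_no_objects( $blob ) {
    return unserialize( $blob, array( 'allowed_classes' => false ) );
}
```

Scalar values and nested arrays survive `allowed_classes => false` unchanged, so settings arrays keep working while the injection primitive disappears; any code that genuinely needs object values back should migrate those settings to JSON rather than widen the allow-list.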
Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.5, AI score 6, EPSS 0.00423
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordioncontentsource' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 5.5, AI score 6, EPSS 0.00399
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iconalign' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.5, AI score 6.1, EPSS 0.00501
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Information disclosure

The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...

CVSS 5, AI score 6.9, EPSS 0.00546
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyoutlayout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5, AI score 6.1, EPSS 0.00514
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.5, AI score 6.1, EPSS 0.00543
Exploits: 0, References: 5

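Most of the stored XSS entries on this page, including the Custom fields shortcode entry (custom post meta values) and the Download Manager Pro entry (shortcode attributes) above, come from the same pattern: a shortcode or widget takes an attribute a contributor-level user controls and echoes it into HTML without context-appropriate escaping. The following is an added example written for this page, not code from any listed plugin; the [example_box] shortcode, its attributes and the allowed meta keys are hypothetical. Note that shortcode_atts() only merges defaults; it does not sanitize values.

```php
<?php
// Added example; hypothetical [example_box title="" url="" meta=""] shortcode.
// Contributors can place shortcodes in posts, so every attribute is attacker input.

// VULNERABLE: attributes and post meta are concatenated into markup as-is.
//   title='x" onmouseover="alert(1)'   breaks out of the attribute
//   url="javascript:alert(1)"          becomes a clickable script URL
//   meta="any_key"                     pulls arbitrary post meta into the page
function example_box_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'url' => '#', 'meta' => '' ), $atts, 'example_box' );
    $meta = get_post_meta( get_the_ID(), $atts['meta'], true );
    return '<div class="box" title="' . $atts['title'] . '">'
         . '<a href="' . $atts['url'] . '">' . $meta . '</a></div>';
}

// HARDENED: escape at output time, per context (attribute, URL, HTML body),
// and restrict which meta keys the shortcode is allowed to read.
function example_box_shortcode_safe( $atts ) {
    $atts = shortcode_atts( array( 'title' => '', 'url' => '#', 'meta' => '' ), $atts, 'example_box' );

    $allowed_meta = array( 'example_summary', 'example_tagline' ); // hypothetical keys
    $meta = in_array( $atts['meta'], $allowed_meta, true )
        ? get_post_meta( get_the_ID(), $atts['meta'], true )
        : '';

    return '<div class="box" title="' . esc_attr( $atts['title'] ) . '">'   // attribute context
         . '<a href="' . esc_url( $atts['url'] ) . '">'                       // URL context: drops javascript: and other non-allowed schemes
         . wp_kses_post( $meta )                                              // HTML body: keeps post-safe tags, strips script and on* handlers
         . '</a></div>';
}
add_shortcode( 'example_box', 'example_box_shortcode_safe' );
```

The choice of escaping function is the whole fix: esc_attr() is wrong for an href (it leaves javascript: intact), esc_url() is wrong for a title attribute, and esc_html() on a value that is meant to carry markup will either break the feature or push developers to remove the escaping again, which is why wp_kses_post() is used for the body.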
Prion, added 2024/03/13 4:15 p.m.

Design/Logic Flaw

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...

CVSS 5, AI score 7.3, EPSS 0.00258
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelistedit.php...

AI score 7.8, EPSS 0.00244
Exploits: 1, References: 1

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVSS 5.5, AI score 6.1, EPSS 0.00509
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Information disclosure

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...

CVSS 5, AI score 7, EPSS 0.00542
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Design/Logic Flaw

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...

CVSS 6.4, AI score 6.9, EPSS 0.0044
Exploits: 0, References: 2

Prion, added 2024/03/13 4:15 p.m.

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 5.8, AI score 6.7, EPSS 0.00592
Exploits: 0, References: 3

Prion, added 2024/03/13 4:15 p.m.

Cross site request forgery (csrf)

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...

CVSS 4.3, AI score 6.6, EPSS 0.00239
Exploits: 0, References: 2

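Two failure modes recur through this listing and are easy to confuse: "missing or incorrect nonce validation" (the Comments Extra Fields and SMS Alert CSRF entries) and "missing capability check" on an AJAX or REST handler (the ArtiBot, LifterLMS, Relevanssi, Maintenance Page and Wp Social Login entries). A nonce proves the request originated from a page the site served to this user; a capability check proves the user is allowed to do the thing. One without the other leaves a hole. The following is an added example for this page, not code from any listed plugin; the example_update_setting action, option name and script handles are hypothetical.

```php
<?php
// Added example; hypothetical admin-ajax action that changes a plugin option.

// VULNERABLE: no nonce, no capability check, and registered for logged-out
// users as well. Any visitor can change the option directly, and any site an
// administrator visits can change it through the administrator's browser.
function example_update_setting_vulnerable() {
    update_option( 'example_setting', wp_unslash( $_POST['value'] ) );
    wp_send_json_success();
}
// How the vulnerable version was wired (left unregistered here so it cannot run):
// add_action( 'wp_ajax_example_update_setting',        'example_update_setting_vulnerable' );
// add_action( 'wp_ajax_nopriv_example_update_setting', 'example_update_setting_vulnerable' );

// HARDENED: both checks, in this order. check_ajax_referer() stops the
// cross-site case (it dies with -1 on a bad or missing nonce); current_user_can()
// stops the subscriber-with-a-valid-nonce case. Input is then sanitized.
function example_update_setting_safe() {
    check_ajax_referer( 'example_update_setting', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( 'example_setting', $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_update_setting', 'example_update_setting_safe' );
// No wp_ajax_nopriv_ registration: a privileged action has no business being
// reachable before login.

// The admin page hands the nonce to the script that will call the action.
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_update_setting' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

For the REST-API variant in the Wp Social Login entry, the equivalent of the capability check is the `permission_callback` argument of `register_rest_route()`; a callback that returns true unconditionally has the same effect as the missing check above. REST requests authenticated by cookie additionally need the `X-WP-Nonce` header (created with `wp_create_nonce( 'wp_rest' )`), which core verifies for you, so the CSRF half is handled by the framework there rather than by the plugin.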
Total number of security vulnerabilities: 213680