Lucene search

213680 matches found

Prion
added 2024/03/13 4:15 p.m. | 13 views

Cross site scripting

The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'flbuilderdatanodepreviewlink' and 'flbuilderdatasettingslinktarget' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This...

CVSS 4.9 | AI score 6 | EPSS 0.00193
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 18 views

Cross site scripting

The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied...

CVSS 5.5 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 15 views

Deserialization of untrusted data

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...

CVSS 6.5 | AI score 7.3 | EPSS 0.00742
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 14 views

Deserialization of untrusted data

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpostshortcodemetaboxmarkup function. This makes it...

CVSS 6.5 | AI score 7.4 | EPSS 0.0198
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 18 views

Cross site scripting

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and abov...

CVSS 5.5 | AI score 6 | EPSS 0.00284
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 18 views

Privilege escalation

The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saveduserinfo function. This makes it possible for...

CVSS 6.5 | AI score 7.1 | EPSS 0.00176
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 17 views

Cross site scripting

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.5 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 15 views

Deserialization of untrusted data

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and...

CVSS 4.6 | AI score 7.4 | EPSS 0.01298
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 15 views

Cross site scripting

DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/articleedit.php...

AI score 6.4 | EPSS 0.00263
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 18 views

Design/Logic Flaw

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processreview' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...

CVSS 5 | AI score 6.9 | EPSS 0.04162
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 23 views

Design/Logic Flaw

The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and...

CVSS 7.5 | AI score 6.9 | EPSS 0.26389
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 13 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plusedit.php...

AI score 7.8 | EPSS 0.00117
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 10 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelistmain.php...

AI score 7.8 | EPSS 0.00117
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 17 views

Cross site scripting

The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordioncontentsource' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 5.5 | AI score 6 | EPSS 0.00196
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 16 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVSS 5.5 | AI score 6 | EPSS 0.00206
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 14 views

Cross site scripting

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This...

CVSS 5.5 | AI score 6 | EPSS 0.00196
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it...

CVSS 5.8 | AI score 6.6 | EPSS 0.01488
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 16 views

Cross site scripting

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVSS 3.2 | AI score 6 | EPSS 0.00304
Exploits: 1 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 16 views

Cross site scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iconalign' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.5 | AI score 6.1 | EPSS 0.00227
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5 | AI score 6.1 | EPSS 0.00229
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 17 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 5.5 | AI score 6 | EPSS 0.00184
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 22 views

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 14 views

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 17 views

Directory traversal

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

CVSS 6.5 | AI score 6.7 | EPSS 0.75513
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 17 views

Privilege escalation

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

CVSS 7.5 | AI score 7.6 | EPSS 0.01125
Exploits: 1 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 12 views

Cross site scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.5 | AI score 6 | EPSS 0.00229
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 18 views

Cross site request forgery (csrf)

The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'postingbulk' function. This makes it possible for...

CVSS 4.3 | AI score 6.8 | EPSS 0.001
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 12 views

Cross site scripting

The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...

CVSS 3.6 | AI score 6.3 | EPSS 0.00229
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 21 views

Sql injection

The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter an...

CVSS 5.8 | AI score 7.5 | EPSS 0.00642
Exploits: 0 | References: 6

Prion
added 2024/03/13 4:15 p.m. | 40 views

Sql injection

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 7.5 | AI score 8.1 | EPSS 0.92912
Exploits: 8 | References: 6

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.5 | AI score 6.1 | EPSS 0.00232
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 18 views

Sql injection

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 6.5 | AI score 7.8 | EPSS 0.00691
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 14 views

Cross site request forgery (csrf)

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...

CVSS 5.8 | AI score 6.7 | EPSS 0.00168
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 14 views

Design/Logic Flaw

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM...

CVSS 2.3 | AI score 7.1 | EPSS 0.00035
Exploits: 0 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/articledescriptionmain.php...

AI score 7.8 | EPSS 0.00123
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 14 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2...

CVSS 6 | AI score 6.9 | EPSS 0.00163
Exploits: 0 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 16 views

Cross site scripting

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

CVSS 5.5 | AI score 6.1 | EPSS 0.00148
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 17 views

Cross site scripting

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 3.2 | AI score 6 | EPSS 0.00442
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.5 | AI score 6.1 | EPSS 0.00227
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 12 views

Cross site scripting

DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file...

AI score 6.3 | EPSS 0.00248
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 16 views

Cross site scripting

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 5.8 | AI score 6.5 | EPSS 0.01999
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 6 views

Sql injection

The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5 | AI score 7.7 | EPSS 0.00304
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 15 views

Design/Logic Flaw

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...

CVSS 5 | AI score 7.3 | EPSS 0.00115
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 14 views

Cross site scripting

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

CVSS 5.5 | AI score 6.2 | EPSS 0.10339
Exploits: 11 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitizatio...

CVSS 5.5 | AI score 6.1 | EPSS 0.00183
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.4 | AI score 6.3 | EPSS 0.27799
Exploits: 1 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/articlekeywordsmain.php...

AI score 7.8 | EPSS 0.00128
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 15 views

Design/Logic Flaw

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...

CVSS 4 | AI score 7 | EPSS 0.0014
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 20 views

Design/Logic Flaw

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

CVSS 5 | AI score 7 | EPSS 0.0188
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 10 views

Input validation

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

CVSS 5 | AI score 7 | EPSS 0.00277
Exploits: 0 | References: 2

Total number of security vulnerabilities: 213680