Lucene search

213680 matches found

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site scripting

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00501
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 16 views

Cross site request forgery (csrf)

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...

CVSS: 5.8 | AI score: 6.7 | EPSS: 0.00285
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 16 views

Deserialization of untrusted data

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and...

CVSS: 4.6 | AI score: 7.4 | EPSS: 0.01154
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 17 views

Input validation

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00472
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 19 views

Design/Logic Flaw

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents...

CVSS: 4 | AI score: 6.7 | EPSS: 0.00658
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 18 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00505
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diyadd.php...

AI score: 7.8 | EPSS: 0.00482
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This mak...

CVSS: 3.2 | AI score: 6 | EPSS: 0.00398
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 21 views

Cross site scripting

The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitizatio...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00416
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 25 views

Design/Logic Flaw

The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01155
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 15 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 2.8.0...

CVSS: 6 | AI score: 6.9 | EPSS: 0.00419
Exploits: 0 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 22 views

Design/Logic Flaw

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bookingexportall function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

CVSS: 4 | AI score: 6.9 | EPSS: 0.0053
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 16 views

Directory traversal

The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01235
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 25 views

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00423
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 25 views

Information disclosure

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, priva...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00653
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 18 views

Cross site scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00423
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 18 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00406
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 23 views

Cross site scripting

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it...

CVSS: 5.8 | AI score: 6.6 | EPSS: 0.00592
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVSS: 3.2 | AI score: 6 | EPSS: 0.00685
Exploits: 1 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 19 views

Cross site scripting

The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00435
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 15 views

Cross site scripting

The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00423
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 15 views

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00423
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 17 views

Cross site request forgery (csrf)

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticat...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00232
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 20 views

Privilege escalation

The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to the plugin allowing arbitrary user meta updates through the saveduserinfo function. This makes it possible for...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00756
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 30 views

Input validation

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

AI score: 7 | EPSS: 0.23072
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/syscacheup.php...

AI score: 7.8 | EPSS: 0.00233
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 20 views

Cross site scripting

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS: 6.4 | AI score: 6.3 | EPSS: 0.67723
Exploits: 1 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 11 views

Design/Logic Flaw

The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and abov...

CVSS: 4 | AI score: 6.8 | EPSS: 0.00428
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 17 views

Cross site scripting

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping...

CVSS: 5.8 | AI score: 6.3 | EPSS: 0.00466
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 16 views

Cross site scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00421
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 12 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/articlekeywordsmain.php...

AI score: 7.8 | EPSS: 0.00237
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 20 views

Cross site request forgery (csrf)

The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'postingbulk' function. This makes it possible for...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00303
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 17 views

Design/Logic Flaw

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...

CVSS: 4 | AI score: 7 | EPSS: 0.00507
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 12 views

Cross site scripting

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVSS: 5.8 | AI score: 6.8 | EPSS: 0.0061
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 23 views

Sql injection

The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter an...

CVSS: 5.8 | AI score: 7.5 | EPSS: 0.0089
Exploits: 0 | References: 6

Prion
added 2024/03/13 4:15 p.m. | 12 views

Cross site scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00392
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 16 views

Code injection

The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...

CVSS: 5 | AI score: 6.9 | EPSS: 0.0053
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 20 views

Input validation

The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00621
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychanneledit.php...

AI score: 7.8 | EPSS: 0.00371
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 23 views

Design/Logic Flaw

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and email...

CVSS: 5 | AI score: 7 | EPSS: 0.00802
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 13 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00409
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 18 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to...

AI score: 7.1 | EPSS: 0.00302
Exploits: 0 | References: 3

Prion
added 2024/03/13 4:15 p.m. | 15 views

Design/Logic Flaw

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM...

CVSS: 2.3 | AI score: 7.1 | EPSS: 0.00204
Exploits: 0 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 22 views

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00413
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 20 views

Design/Logic Flaw

The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status ...

CVSS: 5 | AI score: 7 | EPSS: 0.0063
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 14 views

Cross site scripting

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bursttotalpageviewscount' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00516
Exploits: 0 | References: 4

Prion
added 2024/03/13 4:15 p.m. | 24 views

Design/Logic Flaw

The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including, 1.4.10. This...

CVSS: 4 | AI score: 6.7 | EPSS: 0.00441
Exploits: 0 | References: 2

Prion
added 2024/03/13 4:15 p.m. | 25 views

Cross site scripting

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS: 4 | AI score: 6.4 | EPSS: 0.00867
Exploits: 0 | References: 10

Prion
added 2024/03/13 4:15 p.m. | 11 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelistmain.php...

AI score: 7.8 | EPSS: 0.00242
Exploits: 1 | References: 1

Prion
added 2024/03/13 4:15 p.m. | 23 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS: 4 | AI score: 6.7 | EPSS: 0.00578
Exploits: 0 | References: 2

Total number of security vulnerabilities: 213680