213680 matches found

Prion
added 2024/03/13 4:15 p.m., 14 views

Design/Logic Flaw

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers...

5.5 CVSS, 6.7 AI score, 0.00362 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 12 views

Cross site scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5 CVSS, 6.1 AI score, 0.00402 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 20 views

Cross site scripting

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.4 CVSS, 6.3 AI score, 0.00577 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 26 views

Cross site scripting

The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.5 CVSS, 5.9 AI score, 0.00399 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 19 views

Cross site scripting

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible...

5.8 CVSS, 6.5 AI score, 0.0061 EPSS
Exploits: 0, References: 4

Prion
added 2024/03/13 4:15 p.m., 11 views

Input validation

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

5 CVSS, 7 AI score, 0.00481 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 20 views

Input validation

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload...

6.5 CVSS, 8.2 AI score, 0.01497 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 18 views

Cross site scripting

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5 CVSS, 6 AI score, 0.00532 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 14 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/plusedit.php...

7.8 AI score, 0.00242 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 4:15 p.m., 25 views

Cross site scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.1 due to insufficient input sanitizati...

5.5 CVSS, 5.9 AI score, 0.00563 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 11 views

Design/Logic Flaw

The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add...

4 CVSS, 6.9 AI score, 0.00533 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 30 views

Input validation

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7 AI score, 0.23072 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 4:15 p.m., 24 views

Input validation

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...

7 AI score, 0.02313 EPSS
Exploits: 0, References: 1

Prion
added 2024/03/13 4:15 p.m., 15 views

Design/Logic Flaw

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, wi...

5 CVSS, 6.9 AI score, 0.00444 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 17 views

Deserialization of untrusted data

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...

6.5 CVSS, 7.3 AI score, 0.0099 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 13 views

Cross site scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.5 CVSS, 6.1 AI score, 0.00532 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 24 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6...

5.4 CVSS, 6.9 AI score, 0.00418 EPSS
Exploits: 0, References: 1

Prion
added 2024/03/13 4:15 p.m., 14 views

Cross site scripting

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

5.5 CVSS, 6 AI score, 0.00501 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 21 views

Cross site scripting

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5 CVSS, 6.1 AI score, 0.00516 EPSS
Exploits: 0, References: 4

Prion
added 2024/03/13 4:15 p.m., 22 views

Authorization

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscribe...

4 CVSS, 6.7 AI score, 0.00533 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 8 views

Sql injection

The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5 CVSS, 7.7 AI score, 0.00773 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 16 views

Deserialization of untrusted data

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and...

4.6 CVSS, 7.4 AI score, 0.01154 EPSS
Exploits: 0, References: 4

Prion
added 2024/03/13 4:15 p.m., 17 views

Input validation

The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level...

5 CVSS, 6.9 AI score, 0.00472 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 20 views

Cross site scripting

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5 CVSS, 6.1 AI score, 0.00423 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 16 views

Cross site scripting

The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input...

5.5 CVSS, 6 AI score, 0.00423 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 13 views

Cross site scripting

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

5.8 CVSS, 6.8 AI score, 0.0061 EPSS
Exploits: 0, References: 3

Prion
added 2024/03/13 4:15 p.m., 18 views

Cross site scripting

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping...

5.8 CVSS, 6.3 AI score, 0.00466 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 21 views

Cross site scripting

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.4 CVSS, 6.3 AI score, 0.67723 EPSS
Exploits: 1, References: 2

Prion
added 2024/03/13 4:15 p.m., 25 views

Sql injection

The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter an...

5.8 CVSS, 7.5 AI score, 0.0089 EPSS
Exploits: 0, References: 6

Prion
added 2024/03/13 4:15 p.m., 15 views

Cross site scripting

The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

5.8 CVSS, 6.8 AI score, 0.00466 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 4:15 p.m., 25 views

Hardcoded credentials

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII...

5 CVSS, 7 AI score, 0.00789 EPSS
Exploits: 3, References: 5

Prion
added 2024/03/13 4:15 p.m., 16 views

Cross site scripting

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

5.5 CVSS, 6.2 AI score, 0.01593 EPSS
Exploits: 12, References: 2

Prion
added 2024/03/13 3:15 p.m., 20 views

Path traversal

Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage...

5 CVSS, 5.4 AI score, 0.00464 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 3:15 p.m., 11 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.2 AI score
Exploits: 0

Prion
added 2024/03/13 3:15 p.m., 33 views

Directory traversal

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

7.5 CVSS, 9.4 AI score, 0.41741 EPSS
Exploits: 4, References: 2

Prion
added 2024/03/13 3:15 p.m., 20 views

Design/Logic Flaw

In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag...

6.4 CVSS, 7.2 AI score, 0.00385 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 2:15 p.m., 29 views

Cross site scripting

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletags' attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5 CVSS, 5.7 AI score, 0.00434 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 2:15 p.m., 25 views

Race condition

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Check mailbox/SMT channel for consistency On reception of a completion interrupt the shared memory area is accessed to retrieve the message header at first and then, if the message sequence number identifies a...

6.8 AI score, 0.00174 EPSS
Exploits: 0, References: 5

Prion
added 2024/03/13 2:15 p.m., 34 views

Cross site scripting

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings'titletags'' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible f...

5.5 CVSS, 5.7 AI score, 0.00335 EPSS
Exploits: 0, References: 2

Prion
added 2024/03/13 2:15 p.m., 23 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASELOCKOWNER The test on socount in nfsd4releaselockowner is nonsense and harmful. Revert to using checkforlocks, changing that to not sleep. First: harmful. As is documented in the kdoc comment for...

6.8 AI score, 0.00195 EPSS
Exploits: 0, References: 4

Prion
added 2024/03/13 2:15 p.m., 18 views

Cross site scripting

JFrog Artifactory versions below 7.77.7, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism...

6.8 CVSS, 8.2 AI score, 0.00502 EPSS
Exploits: 0, References: 1

Prion
added 2024/03/13 2:15 p.m., 29 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/modulemain.php...

7.5 AI score, 0.00323 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 2:15 p.m., 30 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/diyedit.php...

7.5 AI score, 0.00316 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 1:15 p.m., 23 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/articleedit.php...

7.5 AI score, 0.00347 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 1:15 p.m., 25 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/articleadd.php...

7.5 AI score, 0.00323 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 1:15 p.m., 20 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/catalogedit.php...

7.5 AI score, 0.00219 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 1:15 p.m., 21 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/mychanneladd.php...

7.5 AI score, 0.00383 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 1:15 p.m., 19 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/archivesdo.php...

7.5 AI score, 0.00205 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 1:15 p.m., 24 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/mediaadd.php...

7.5 AI score, 0.00195 EPSS
Exploits: 1, References: 1

Prion
added 2024/03/13 1:15 p.m., 17 views

Cross site request forgery (csrf)

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/catalogdel.php...

7.5 AI score, 0.00332 EPSS
Exploits: 1, References: 1

Total number of security vulnerabilities: 213680