Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Unique <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Unique theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS6AI score0.00408EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Title Modification

Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...

4CVSS6.5AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Print My Blog – Print, PDF, & eBook Converter WordPress Plugin < 3.26.3 - Missing Authorization

Description The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like the saveProjectGenerate function in all versions up to, and including, 3.26.2. This...

5.3CVSS6.7AI score0.00454EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net < 1.1.4.3 - Reflected Cross-Site Scripting

Description The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.4.2 due to insufficient input sanitization and output escaping. This makes it possibl...

7.1CVSS6.3AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Tumult Hype Animations < 1.9.13 - Authenticated (Author+) Arbitrary File Upload

Description The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the hypeanimationspanelupload functionin all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with author-level...

9.1CVSS7.7AI score0.00679EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

iPanorama 360 WordPress Virtual Tour Builder < 1.8.2 - Missing Authorization

Description The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to view deactivated...

5.3CVSS6.7AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution

Description The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

6.5CVSS7.3AI score0.00284EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Masteriyo - LMS < 1.7.4 - Insecure Direct Object Reference

Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.7.3 via the REST API due to missing validation on a user controlled key. This makes it possible for...

6.5AI score0.00843EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Robo Gallery < 3.2.19 - Unauthenticated Information Exposure

Description The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.18. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3CVSS6.7AI score0.0047EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

The Plus Addons for Elementor < 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00544EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/06 12:0 a.m.19 views

ClickCease Click Fraud Protection < 3.2.5 - Improper Authorization to sensitive information exposure via get_settings

Description The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the getsettings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access a...

4.3CVSS6.5AI score0.00367EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/03 12:0 a.m.19 views

WP Time Slots Booking Form < 1.2.07 - Unauthenticated Price Manipulation

Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to price manipulation due to insufficient server-side validation of prices in versions up to, and including, 1.2.06. This makes it possible for unauthenticated attackers to alter the price of bookings...

7.5CVSS7.1AI score0.00417EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/03 12:0 a.m.19 views

Customer Email Verification for WooCommerce < 2.7.5 - Authentication Bypass

Description The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to...

8.1CVSS7.2AI score0.0085EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/03 12:0 a.m.19 views

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.8.8 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS6.1AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/02 12:0 a.m.19 views

Last Viewed Posts by WPBeginner < 1.0.1 - Unauthenticated PHP Object Injection

Description The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Objec...

9.8CVSS7.7AI score0.01158EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.19 views

Hide Dashboard Notifications < 1.3 - Cross-Site Request Forgery

Description The Hide Dashboard Notifications plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the warningnoticessettings function. This makes it possible for unauthenticated...

4.3CVSS6.3AI score0.00201EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.19 views

Custom field finder < 0.4 - Authenticated (Author+) PHP Object Injection

Description The Custom field finder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No known...

5.4CVSS7.4AI score0.00313EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Royal Elementor Kit < 1.0.117 - Cross-Site Request Forgery to Notice Dismissal

Description The Royal Elementor Kit theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.116. This is due to missing or incorrect nonce validation on the dismissedhandler function. This makes it possible for unauthenticated attackers to dismiss...

4.3CVSS6.6AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdoc' shortcode in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping on user supplied attributes such as...

6.4CVSS5.8AI score0.00424EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated(Contributor+) PHP Object Injection via shortcode

Description The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awlggsettings meta value. This makes it possible for authenticated attackers...

7.5CVSS7.1AI score0.00868EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Print Labels with Barcodes < 3.4.7 - Subscriber+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pag...

6.4CVSS5.8AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation

Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their privileges...

8.8CVSS7.3AI score0.00448EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pgshowmsgpanel function. This makes it...

8.8CVSS6.7AI score0.00448EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Contest Gallery < 21.3.5 - Authenticated (Author+) Arbitrary File Deletion

Description The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 21.3.4. This...

8.5CVSS6.7AI score0.00612EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

VK Block Patterns < 1.31.1.1 - Missing Authorization

Description The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbpclearpatternscache function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns...

5.3CVSS6.9AI score0.00381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.1 - Cross-Site Request Forgery to Notice Dismissal

Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.0. This is due to missing or incorrect nonce validation on the...

4.3CVSS6.6AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.29 - Missing Authorization

Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.28. This makes it possible for...

9.1CVSS6.7AI score0.00568EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.19 views

Product Addons & Fields for WooCommerce < 32.0.19 - Unauthenticated Arbitrary File Upload via ppom_upload_file

Description The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload...

9.8CVSS8.2AI score0.0137EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.19 views

Newsletter Popup <= 1.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Newsletter Popup Add New...

4.9AI score0.00372EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.19 views

Testimonial Slider < 2.3.8 - Admin+ Stored Cross-Site Scripting

Description The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5AI score0.00442EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

Mortgage Calculators WP < 1.60 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Mortgage Calculators WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.16 - Contributor+ Stored Cross-Site Scripting

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaelteammembersimagerounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 d...

6.4CVSS5.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

WP Prayer <= 2.0.9 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open an HTML file containing:...

6.3AI score0.00347EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.19 views

Tutor LMS – eLearning and online course solution < 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user suppli...

5.4CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.19 views

Zero Spam < 5.5.7 - Spam Protection Bypass

Description The plugin is vulnerable to bypass, allowing unauthenticated attackers to bypass spam protections in place...

5.3CVSS9.5AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.19 views

wpDiscuz < 7.6.16 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text

Description The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.19 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode

Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmediagallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

8.8CVSS7.6AI score0.01405EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

Colibri Page Builder < 1.0.264 - Author+ Stored Cross-Site Scripting

Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.19 views

PostX < 4.0.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Create a new Post and add "Ultimate...

8.2AI score0.00416EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/19 12:0 a.m.19 views

Essential Addons for Elementor Pro < 5.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'

Description The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/19 12:0 a.m.19 views

VikBooking < 1.6.8 - Broken Access Control

Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categories for example despite initial settings prohibitin...

6.5AI score0.0028EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.19 views

Essential Blocks < 4.5.10 - Contributor+ DOM-Based XSS via Social Icons Block

Description The plugin is vulnerable to Stored Cross-Site Scripting via the "Social Icons" block due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary...

5.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.19 views

Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook <= 1.1.12 - Authenticated (Administrator+) SQL Injection

Description The Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.6CVSS7.2AI score0.00515EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

Jobs for WordPress < 2.7.6 - Reflected Cross-Site Scripting

Description The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.2AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

Siteimprove < 2.0.7 - Cross-Site Request Forgery

Description The Siteimprove plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on two functions. This makes it possible for unauthenticated attackers to request a token via a forged request...

5.4CVSS6.7AI score0.00209EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

GEO my WordPress < 4.2 - Cross-Site Request Forgery

Description The GEO my WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a...

5.4CVSS6.5AI score0.00209EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

Libsyn Publisher Hub <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Libsyn Publisher Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

WP Meta SEO < 4.5.13 - Unauthenticated Password Protected Content Access

Description The plugin is vulnerable to Sensitive Information Exposure via the meta description, allowing unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts...

5.3CVSS6.3AI score0.00438EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

Aspose.Words Exporter <= 6.3.1 - Missing Authorization

Description The Aspose.Words – Import and Export word documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.1. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00376EPSS
Exploits0References1
Total number of security vulnerabilities5000