Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.8 views

Visual Website Collaboration, Feedback & Project Management – Atarim < 3.31 - Unauthenticated Stored Cross-Site Scripting

Description The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.11 views

Chauffeur Taxi Booking System for WordPress < 7.0 - Authentication Bypass

Description The Chauffeur Taxi Booking System for WordPress plugin for WordPress is vulnerable to authenticated bypass in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity. This makes it possible for unauthenticated attackers to perform...

8.2CVSS6.5AI score0.00361EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.16 views

UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation

Description The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthenticated account takeover in all versions up to, and including 5.1.8. This makes it possible for unauthenticated attackers to take over user accounts and gain highly privileged acces...

9.8CVSS9.4AI score0.00487EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.14 views

Responsive Owl Carousel for Elementor < 1.2.1 - Local File Inclusion

Description The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execut...

8.8CVSS9.6AI score0.00688EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.14 views

Responsive video embed < 0.5.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, create a...

8.2AI score0.00367EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.18 views

WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce < 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

Description The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.18 views

The Events Calendar Free & Pro <= 6.4.0 - Contributor+ Missing Authorization to Authenticated Arbitrary Events Access

Description Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access of data due to a insufficient capability checks and restrictions on a function in various versions. This makes it possible for authenticated attackers, with Contributor-level access and above, to access...

6.9AI score0.00464EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.14 views

Happy Addons for Elementor < 3.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplie...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.20 views

Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access

Description The plugin allows you to display custom field values for any post via shortcode without checking for the correct access PoC 1. ADMIN: Install Advanced Custom Fields or ACF Pro 2. ADMIN: Create a new field group for posts and add a field to that 3. ADMIN: Fill in content for posts...

9.3AI score0.00428EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.17 views

Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery

Description The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the uploadtolibrary AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to mak...

6.4CVSS6.5AI score0.0026EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.18 views

Download Manager < 3.2.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode

Description The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.25 views

HTML5 Video Player < 2.5.27 - Unauthenticated SQLi

Description The plugin does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks PoC % time curl "https://example.com/?restroute=/h5vp/v1/video/1=1'+OR+SELECT+1+FROM+SELECTSLEEP5xyz--+-"...

7.2AI score0.02618EPSS
Exploits6Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.14 views

Simple Like Page Plugin < 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00276EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.14 views

PopupAlly < 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The PopupAlly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00276EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.9 views

Comparison Slider <= 1.0.5 - Cross-Site Request Forgery

Description The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to...

4.3CVSS6.4AI score0.00179EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.14 views

WPB Elementor Addons < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it...

6.4CVSS5.8AI score0.00229EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode

Description The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS7.8AI score0.00267EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization

Description The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.8CVSS6.6AI score0.00344EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.18 views

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.3 - Missing Authorization to Arbitrary Options Update

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for...

8.8CVSS6.4AI score0.01426EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.108 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field

Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user...

5.4CVSS5AI score0.00257EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.11 views

List categories < 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS7.8AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.19 views

HUSKY – Products Filter Professional for WooCommerce < 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.8AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.11 views

WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment

Description The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodoaddcomment function. This makes it possible for unauthenticated attackers to add comments to to ...

4.3CVSS6.4AI score0.00224EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

Font Farsi <= 1.6.6 - Administrator+ Stored Cross-Site Scripting

Description The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS5.7AI score0.00255EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.12 views

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

Description The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.14 views

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.2 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.7AI score0.00326EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.7 views

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 10.24 - Missing Authorization to Information Expsoure

Description The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it...

4.3CVSS6.4AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.17 views

Fastly < 1.2.26 - Missing Authorization

Description The Fastly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 1.2.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...

4.3CVSS6.4AI score0.00277EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.15 views

WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage()

Description The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodomanage function. This makes it possible for unauthenticated attackers to add new todo items via ...

4.3CVSS6.4AI score0.00222EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.26 views

Praison SEO WordPress <= 4.0.15 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Praison SEO WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...

6.5CVSS5.6AI score0.00256EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

AffiEasy < 1.1.7 - Cross-Site Request Forgery to Various Actions

Description The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched...

6.5CVSS6.4AI score0.0022EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.9 views

WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings

Description The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodosettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS6.3AI score0.00224EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.15 views

WP Next Post Navi <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Next Post Navi plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to...

5.9CVSS5.7AI score0.00259EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.14 views

Comparison Slider <= 1.0.5 - Missing Authorization

Description The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to...

4.3CVSS6.4AI score0.00264EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.18 views

BookingPress < 1.0.83 - Missing Authorization to Appointment Time Alteration

Description The BookingPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 1.0.82. This makes it possible for unauthenticated attackers to alter the duration of appointments...

6.5CVSS9.2AI score0.00368EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.16 views

WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

Description The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.7AI score0.00318EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

Crafthemes Demo Import <= 3.3 - Missing Authorization to Arbitrary Plugin Installation

Description The Crafthemes Demo Import plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the ctctdiinstallplugin function in versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...

7.6CVSS6.7AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress < 2.9.4 - Administrator+ SQL Injection

Description The POST SMTP – The 1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user...

7.2CVSS7.2AI score0.00495EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.23 views

Tainacan < 0.21.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Tainacan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.21.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.7AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.21 views

Tainacan < 0.21.4 - Unauthenticated Stored Cross-Site Scripting

Description The Tainacan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.21.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that wi...

7.1CVSS5.9AI score0.00311EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.17 views

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.20 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘ppanimatedgradientbgcolor’ parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.7 views

Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs

Description The Debug Log – Manger Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in...

5.3CVSS6.3AI score0.00344EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.9 views

Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.1AI score0.00267EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.9 views

Comparison Slider <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.0025EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.11 views

Essential Addons for Elementor < 5.9.22 - Contributor+ Stored Cross-Site Scripting via Twitter Feed

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.16 views

Testimonial Carousel For Elementor <= 10.2.2 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions ...

6.4CVSS5.7AI score0.00326EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.12 views

Download Monitor < 4.9.14 - Missing Authorization

Description The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin...

5.4CVSS6.4AI score0.00298EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.11 views

Gum Elementor Addon < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets

Description The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.18 views

Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification

Description The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level...

5CVSS4.9AI score0.00316EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.13 views

Simple Popup Manager <= 1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Simple Popup Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00275EPSS
Exploits0References1
Total number of security vulnerabilities14602