Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.18 views

LearnPress – WordPress LMS Plugin < 4.2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.4CVSS6.5AI score0.00295EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.14 views

NextScripts: Social Networks Auto-Poster < 4.4.4 - Unauthenticated Stored Cross-Site Scripting via User Agent

Description The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTPUSERAGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

6.1CVSS6.2AI score0.00389EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

Automatic Translator with Google Translate <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom Font

Description The Automatic Translator with Google Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom font setting in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.7AI score0.00271EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.14 views

WP Scraper < 5.8 - Missing Authorization to Arbitrary Page/Post Creation

Description The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, ...

4.3CVSS6.5AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.9 views

WPB Elementor Addons < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

Description The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.12 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Settings Update

Description The plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint, allowing unauthenticated attackers to modify the plugin's settings...

7.5CVSS6.8AI score0.0123EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.10 views

WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Toolbar Extras for Elementor & More – WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on...

6.4CVSS5.8AI score0.00267EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.14 views

Media Library Assistant < 3.16 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the lang parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a use...

6.1CVSS6.4AI score0.00329EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

LuckyWP Table of Contents <= 2.1.4 - Reflected Cross-Site Scripting

Description The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS8.5AI score0.0038EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets

Description The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

MemberPress < 1.11.30 - Authenticated (Contributor+) Blind Server-Side Request Forgery via mepr-user-file Shortcode

Description The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests t...

8.5CVSS6.5AI score0.00294EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.10 views

WPB Elementor Addons < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, =1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.10 views

LuckyWP Table of Contents <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contribut...

5.5CVSS7.8AI score0.00328EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

Piotnet Addons For Elementor < 2.4.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes

Description The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

7.2CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_delete_callback

Description The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifiledeletecallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level acce...

7.7CVSS6.4AI score0.00363EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.23 views

Contact Form Plugin by Fluent Forms < 5.1.14 - Subscriber+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via form settings due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Fluent Forms settings, to inject arbitrary web scripts in pages that will execut...

9.8CVSS5.5AI score0.02333EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.12 views

Post Grid Elementor Addon < 2.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag

Description The Post Grid Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titletag parameter in versions up to, and including, 2.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00253EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.9 views

ShopLentor < 2.8.9 - Contributor+ Stored XSS via woolentorsearch Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4CVSS5.8AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

Happy Addons for Elementor < 3.10.9 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will...

6.4CVSS5.7AI score0.00413EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

HT Mega < 2.5.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘popoverheadertext’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts i...

6.4CVSS5.8AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

HT Mega < 2.5.3 - Subscriber+ Options Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxdismiss' function, allowing authenticated attackers, with subscriber-level permissions and above, to update options such as userscanregister, which can lead to unauthorized user...

4.3CVSS6.5AI score0.00755EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.30 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

Description The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of th...

9.8CVSS6.6AI score0.02333EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

GiveWP < 3.11.0 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'giveform' shortcode when used with a legacy form due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.9AI score0.00283EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

Page Builder by SiteOrigin < 2.29.16 - Contributor+ Stored XSS via siteorigin_widget Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4CVSS5.8AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.7 views

ApplyOnline – Application Form Builder and Manager < 2.6.3 - Missing Authorization to Sensitive Information Exposure

Description The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aolmodalbox AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, wi...

4.3CVSS6.4AI score0.00369EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags

Description The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible fo...

6.4CVSS5.8AI score0.00257EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

NextScripts: Social Networks Auto-Poster < 4.4.4 - Cross-Site Request Forgery to Arbitrary Post Deletion

Description The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated...

5.4CVSS6.5AI score0.00181EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

Build App Online <= 1.0.21 - Authentication Bypass via Header

Description The plugin is vulnerable to authentication bypass due to missing authentication checking in the 'setusercart' function with the 'userid' header value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they hav...

7.4AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.154 views

Elementor Website Builder < 3.21.6 - Contributor+ DOM Stored XSS

Description The plugin is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web...

6.4CVSS5.9AI score0.00401EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.20 views

ElementsKit Pro < 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.7AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.22 views

Country State City Dropdown CF7 < 2.7.3 - Unauthenticated SQL Injection

Description The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

9.8CVSS7.4AI score0.13618EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.6 views

Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'print-me' shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'tag'. This makes it...

6.4CVSS5.8AI score0.00273EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.12 views

WPZOOM Addons for Elementor (Templates, Widgets) < 1.1.38 - Unauthenticated Local File Inclusion

Description The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'gridstyle' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8CVSS7.9AI score0.01005EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.7 views

WPKoi Templates for Elementor < 2.5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters

Description The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output...

6.4CVSS5.8AI score0.00345EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.18 views

Essential Blocks < 4.5.13 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages th...

6.4CVSS5.8AI score0.00468EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.7 views

WP Font Awesome Share Icons <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WP Font Awesome Share Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpfaisocial' shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00267EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

Essential Addons for Elementor < 5.9.16 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS5.9AI score0.00143EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets

Description The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This...

6.4CVSS5.9AI score0.00267EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.23 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Contributor+ Stored XSS

Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an...

7.2CVSS5.8AI score0.00387EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.25 views

LuckyWP Table of Contents <= 2.1.4 - Authenticated(Administrator+) Cross-Site Scripting

Description The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS4.6AI score0.00342EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

Media Library Assistant < 3.16 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

8.8CVSS7.3AI score0.00531EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.20 views

ShopLentor < 2.8.8 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS5.9AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.8 views

ShopLentor < 2.8.9 - Authenticated Option Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This...

7.1CVSS6.6AI score0.00406EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

Business Directory Plugin – Easy Listing Directories for WordPress < 6.4.3 - Unauthenticated SQL Injection via listingfields Parameter

Description The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of...

9.8CVSS7.3AI score0.10272EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

MemberPress < 1.11.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via arglist Parameter

Description The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.15 views

Blocksy < 2.0.47 - Contributor+ Stored XSS

Description The theme is vulnerable to Stored Cross-Site Scripting via the ‘hasfieldlinkrel’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.13 views

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_upload_callback

Description The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifileuploadcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level acce...

7.7CVSS6.5AI score0.00363EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.11 views

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_list_callback

Description The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openaifilelistcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and...

5CVSS6.5AI score0.00383EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/20 12:0 a.m.9 views

JCH Optimize < 4.2.1 - Authenticated (Subscriber+) Directory Traversal

Description The JCH Optimize plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to access directory information on the Optimize Image page...

4.3CVSS6.5AI score0.00445EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602