Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.22 views

Salient Shortcodes < 1.5.4 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...

8.8CVSS8.9AI score0.00619EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.13 views

Piotnet Addons For Elementor < 2.4.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.15 views

DethemeKit For Elementor < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.5AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.16 views

Royal Elementor Addons and Templates < 1.3.975 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget

Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.40 views

Salient Core < 2.0.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include an...

7.5CVSS7.8AI score0.00632EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.12 views

WordPress Automatic < 3.95.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter

Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘autoplay’ parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS5.7AI score0.00274EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/17 12:0 a.m.17 views

Ghost < 1.5.0 - Unauthenticated Sensitive Information Exposure

Description The Ghost plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.0 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log...

7.5CVSS6AI score0.00721EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.16 views

Counter Up – Animated Number Counter & Milestone Showcase < 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.10 views

raindrops < 1.700 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The raindrops theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.600 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.14 views

Barcode Scanner with Inventory & Order Manager < 1.5.5 - Unauthenticated Information Exposure

Description The Barcode Scanner and Inventory manager. POS Point of Sale – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.4 via exported files. This makes it possible for...

5.3CVSS7AI score0.00585EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.10 views

SKT Addons for Elementor < 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Page Title

Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Page Title in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00419EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.16 views

Sticky Social Link <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Sticky Social Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00279EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.11 views

Master Addons for Elementor < 2.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titlehtmltag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and outpu...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.12 views

Penci Soledad Data Migrator < 1.3.1 - Unauthenticated Local File Inclusion

Description The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS8.2AI score0.00689EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.17 views

Debug Info <= 1.3.10 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Debug Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.9AI score0.00274EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.13 views

Easy Affiliate Links < 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Easy Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.5CVSS5.9AI score0.00411EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.24 views

AWSOM News Announcement <= 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The AWSOM News Announcement plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00437EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.13 views

TT Custom Post Type Creator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The TT Custom Post Type Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00446EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.11 views

Brozzme Scroll Top <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Brozzme Scroll Top plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00446EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.14 views

Himalayas < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Himalayas theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display names in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.5CVSS5.9AI score0.00255EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.22 views

Gold Addons for Elementor < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Gold Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00255EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.15 views

BlogLentor <= <=1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The BlogLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00411EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.11 views

Forty Four – 404 Plugin for WordPress <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Forty Four – 404 Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00446EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.14 views

Pk Favicon Manager <=2.1 - Authenticated (Admin+) Arbitrary File Upload

Description The Pk Favicon Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files o...

9.1CVSS8AI score0.00822EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.13 views

Aiomatic < 1.9.4 - Missing Authorization

Description The Aiomatic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.9.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

8.8CVSS6.7AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.20 views

weDocs < 2.1.5 - Missing Authorization

Description The weDocs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatehelpfullness REST API endpoint in versions up to, and including, 2.1.4. This makes it possible for unauthenticated attackers to update settings...

5.3CVSS6.9AI score0.00373EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.16 views

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin < 3.72 - Authenticated (Author+) Stored Cross-Site Scripting

Description The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

5.9CVSS5.9AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.14 views

Viet Affiliate Link <=1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Viet Affiliate Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

5.9CVSS5.9AI score0.00442EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.15 views

Content Blocks (Custom Post Widget) < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.5CVSS5.9AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.10 views

WP Favorite Posts <= 1.6.8 - Cross-Site Request Forgery

Description The WP Favorite Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action vi...

4.3CVSS6.6AI score0.00249EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.11 views

Shared Files < 1.7.20 - Missing Authorization

Description The Shared Files – Advanced File Sharing & Download Manager with Frontend Uploads & Lead Generation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.19. This makes it possible for...

7AI score0.00255EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.23 views

AI Engine: ChatGPT Chatbot < 2.2.70 - Authenticated (Editor+) Arbitrary File Upload

Description The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.2.63. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affecte...

9.1CVSS8AI score0.00824EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.9 views

Configure Login Timeout <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Configure Login Timeout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00446EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.14 views

DS Site Message <= 1.14.4 - Cross-Site Request Forgery

Description The DS Site Message plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.14.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via...

4.3CVSS6.6AI score0.00244EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.24 views

WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload

Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the import functionality and no capability check in all versions up to, and including, 8.7.01.001. This makes it possible for unauthenticated attackers to upload...

10CVSS8.2AI score0.00542EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.12 views

All-in-One Addons for Elementor – WidgetKit < 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.5CVSS5.9AI score0.00259EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.13 views

WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.8.2 due to insufficient input sanitization and output escaping. This makes it possible for...

5.9CVSS5.9AI score0.00278EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.10 views

SKT Addons for Elementor < 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Block

Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Block in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.16 views

Easy Digital Downloads < 3.2.12 - Cross-Site Request Forgery

Description The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.11. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...

8.8CVSS6.7AI score0.0022EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.16 views

Pootle Pagebuilder – WordPress Page builder <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Pootle Pagebuilder – WordPress Page builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.5CVSS5.9AI score0.00308EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.24 views

gee Search Plus, improved WordPress search <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The gee Search Plus, improved WordPress search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

5.9CVSS5.9AI score0.00255EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.14 views

canvasio3D Light <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload

Description The canvasio3D Light plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on t...

9.9CVSS8AI score0.00826EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.15 views

Better Elementor Addons < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

6.5CVSS5.9AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.12 views

ShortPixel Adaptive Images < 3.8.4 - Cross-Site Request Forgery

Description The ShortPixel Adaptive Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the import-settings page. This makes it possible for unauthenticated attackers to import...

4.3CVSS6.6AI score0.00252EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.16 views

RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging < 4.23.9 - Reflected Cross-Site Scripting

Description The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noticeid' parameter in all versions up to, and including, 4.23.8 due to insufficient input sanitization and output escaping. This...

6.1CVSS6.3AI score0.00382EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.10 views

Cost Calculator Builder Pro < 3.1.73 - Authenticated (Subscriber+) Server-Side Request Forgery

Description Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the senddemowebhook function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...

6.4CVSS6.5AI score0.00276EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.12 views

ReviewX – Multi-criteria Rating & Reviews for WooCommerce < 1.6.28 - Missing Authorization

Description The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewxremoveguestimage function in all versions up to, and including, 1.6.27. This makes it possible for...

4.3CVSS6.7AI score0.0037EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.18 views

ShiftController Employee Shift Scheduling < 4.9.58 - Authenticated (Contributor+) PHP Object Injection

Description The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or...

7.5CVSS7.4AI score0.00588EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.12 views

Featured Content Gallery <= 3.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Featured Content Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00433EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/16 12:0 a.m.22 views

Form Maker by 10Web < 1.15.25 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it...

5.9CVSS5.9AI score0.00447EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602