Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

Calendarista < 15.5.9 - Authenticated (Subscriber+) SQL Injection

Description The Calendarista plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 15.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

8.5CVSS7.3AI score0.00549EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

EAN for WooCommerce < 4.9.0 - Authenticated (Shop Manager+) Arbitrary Options Update

Description The EAN for WooCommerce plugin for WordPress is vulnerable to arbitrary options updates n all versions up to, and including, 4.8.9. This is due to insufficient restrictions on option values that can be supplied. This makes it possible for authenticated attackers, with Shop Manager-lev...

7.2CVSS6.5AI score0.01095EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Mesmerize Companion < 1.6.149 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode

Description The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerizecontactform' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.18 views

Post Grid Master < 3.4.8 - Missing Authorization

Description The Post Grid Master plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ampostgridloadpostsajaxfunctions function in versions up to, and including, 3.4.7. This makes it possible for unauthenticated attackers to load posts...

5.3CVSS6.7AI score0.00449EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.27 views

Media Cleaner: Clean your WordPress! < 6.7.3 - Unauthenticated Information Exposure

Description The Media Cleaner: Clean your WordPress! plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.2 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information...

5.3CVSS6.4AI score0.00447EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro < 5.3.2 - Unauthenticated Arbitrary Shortcode Execution

Description The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that doe...

6.5CVSS7.5AI score0.00491EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.18 views

CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting

Description The CodeBard's Patron Button and Widgets for Patreon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.5AI score0.0033EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.18 views

WP Migration Plugin DB & Files – WP Synchro < 1.11.3 - Cross-Site Request Forgery

Description The WP Migration Plugin DB & Files – WP Synchro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.2. This is due to missing or incorrect nonce validation on several REST API endpoints. This makes it possible for unauthenticated...

5.4CVSS9.1AI score0.00209EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.23 views

WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) < 1.3.3 - Unauthenticated PHP Object Injection

Description The WholesaleX – WooCommerce Wholesale Plugin Wholesale Prices, Dynamic Pricing, Tiered Pricing plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.2 via deserialization of untrusted input. This makes it possible for unauthenticated...

10CVSS7.4AI score0.00725EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

ElementsReady Addons for Elementor < 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.22 views

Embed Google Fonts <= 3.1.0 - Missing Authorization

Description The Embed Google Fonts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

4.3CVSS6.5AI score0.00337EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.121 views

Yoast SEO < 22.6 - Reflected Cross-Site Scripting

Description The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1CVSS6.4AI score0.00832EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.14 views

WooCommerce AWeber Newsletter Subscription < 4.0.3 - Missing Authorization to Access Token Modification

Description The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to reset and change...

6.5CVSS6.8AI score0.00475EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

iPanorama 360 WordPress Virtual Tour Builder < 1.8.2 - Missing Authorization

Description The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to view deactivated...

5.3CVSS6.7AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.12 views

Login with phone number < 1.7.20 - Missing Authorization

Description The Login with phone number plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idehweblwpupdatebillingphones function in versions up to, and including, 1.7.18. This makes it possible for authenticated attackers, with...

4.3CVSS6.4AI score0.00396EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.10 views

CPO Companion <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.9AI score0.00315EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.27 views

RegistrationMagic < 5.3.2.1 - Reflected Cross-Site Scripting

Description The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 5.3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.5AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.28 views

Survey Maker – Best WordPress Survey Plugin < 3.6.4 - Unauthenticated Stored Cross-Site Scripting

Description The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.27 - Unauthenticated PHP Object Injection

Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.0.26 via deserialization of untrusted input. This makes it possible for unauthenticated...

9.8CVSS7.4AI score0.00645EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

Webpushr < 4.36.0 - Reflected Cross-Site Scripting

Description The Web Push Notifications – Webpushr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' parameter in all versions up to, and including, 4.35.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.1CVSS6.3AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

WPify Woo Czech < 4.0.11 - Reflected Cross-Site Scripting

Description The WPify Woo Czech plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

7.1CVSS6.5AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.14 views

Post Grid Master <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.4.8 due to insufficient input...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.23 views

Exclusive Addons Elementor < 2.6.9.2 - Missing Authorization to Post Duplication

Description The Exclusive Addons Elementor plugin for WordPress is vulnerable to unauthorized access of datadue to an insufficient capability check on the duplicatepost function in versions up to, and including, 2.6.9.1. This makes it possible for authenticated attackers, with contributor-level...

9.8CVSS6.2AI score0.00422EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.14 views

TweetScroll Widget <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The TweetScroll Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00286EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.10 views

Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.39 - Authenticated (Contributor+) PHP Object Injection

Description The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No kno...

8.8CVSS7.4AI score0.0066EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

SP Project & Document Manager <= 4.69 - Missing Authorization

Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.69. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

6.3CVSS6.5AI score0.00353EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

WP Post Author < 3.6.5 - Subscriber+ Rating Manipulation

Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function, allowing authenticated attackers, with subscriber-level access and above, to manipulate ratings...

4.3CVSS4.7AI score0.00361EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

iPages Flipbook < 1.5.2 - Missing Authorization

Description The iPages Flipbook plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a REST API endpoint in versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to view deactivated items...

6.5AI score0.00249EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

Conversational Forms for ChatBot < 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The ChatBot Conversational Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.28 views

XML Sitemap & Google News < 5.4.9 - Unauthenticated Local File Inclusion

Description The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

8.1CVSS7.8AI score0.00743EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.10 views

HT Mega – Absolute Addons For Elementor < 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify

Description The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

GDPR Compliance <= 1.2.5 - Authenticated (Subscriber+) Information Exposure

Description The GDPR Compliance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user or configuration data...

7.5CVSS6.7AI score0.00585EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

7.8AI score
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.22 views

ProfileGrid < 5.7.2 - Authenticated (Contributor+) SQL Injection

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

8.8CVSS7.2AI score0.00858EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

Link Library < 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode

Description The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.9AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.18 views

Custom WooCommerce Checkout Fields Editor < 1.3.2 - Missing Authorization

Description The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.4AI score0.00441EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.14 views

WordPress Affiliates Plugin — SliceWP Affiliates < 1.1.11 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.9CVSS5.7AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.21 views

Contact Form to Any API < 1.1.9 - Authenticated (Subscriber+) SQL Injection

Description The Contact Form to Any API plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...

8.5CVSS7.3AI score0.00549EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.12 views

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) < 3.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution

Description The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

6.5CVSS7.3AI score0.00284EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.19 views

Masteriyo - LMS < 1.7.4 - Insecure Direct Object Reference

Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.7.3 via the REST API due to missing validation on a user controlled key. This makes it possible for...

6.5AI score0.00843EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.20 views

Archives Calendar Widget <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Archives Calendar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00442EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.15 views

Easy PopUp Show <= 0.12 - Cross-Site Request Forgery

Description The easy-popup-show plugin for WordPress is vulnerable to Cross-Site Request Forgery in version all versions. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted the...

6.5AI score0.00231EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

Mini Loops <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Mini Loops plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.13 views

WP Latest Posts < 5.0.8 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Description The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call ...

5.4CVSS7.8AI score0.00376EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.12 views

Visual Footer Credit Remover < 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.00287EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

Social Connect <= 1.2 - Authentication Bypass

Description The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated...

9.8CVSS7.4AI score0.00789EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.11 views

Auto Affiliate Links < 6.4.4 - Authenticated (Editor+) SQL Injection

Description The Auto Affiliate Links plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

7.6CVSS7.5AI score0.00515EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

Slider by Supsystic < 1.8.11 - Authenticated (Admin+) SQL Injection

Description The Slider by Supsystic plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.8.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

7.6CVSS7.3AI score0.00547EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.14 views

WP Editor < 1.2.9 - Reflected Cross-Site Scripting

Description The WP Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602