Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.10 views

Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload

Description The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handlefoldersfileupload' function. This makes it possible for authenticated attackers, with author access and...

4.3CVSS6.7AI score0.00673EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.9 views

Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress < 1.7.3 - Authenticated (Author+) SQL Injection

Description The Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

8.8CVSS7.3AI score0.00441EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.17 views

Comments – wpDiscuz < 7.6.19 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.6.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.12 views

PropertyHive < 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.13 views

Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure

Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they...

5.3CVSS6.4AI score0.00365EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.12 views

WP Docs < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.13 views

Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.10 due to insufficient input sanitization and output escaping. This makes it possible for...

5.9CVSS5.8AI score0.00274EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.21 views

Newsletters < 4.9.6 - Reflected Cross-Site Scripting

Description The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

7.1CVSS6.3AI score0.00288EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.13 views

Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.8AI score0.00494EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.14 views

Pixgraphy < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Pixgraphy theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.14 views

Link Library < 7.6.4 - Reflected Cross-Site Scripting

Description The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 7.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.3AI score0.00327EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.11 views

Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery

Description The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update...

4.3CVSS6.4AI score0.00251EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.14 views

Idyllic < 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Idyllic theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.11 views

Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion

Description The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version = 1.1.1 via the WIWHEADER parameter of the /system/include/includeuser.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted o...

9.8CVSS8AI score0.00909EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.16 views

Canto <= 3.0.8 - Unauthenticated Remote File Inclusion

Description The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required...

9.8CVSS7.4AI score0.01027EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.15 views

HT Feed < 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The HT Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.15 views

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.110 - Authenticated (Contributor+) Information Exposure

Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.109 due to missing restrictions on the getPostDataByObj function. This makes it possible for authenticate...

8.8CVSS6.6AI score0.00367EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.12 views

Heateor Social Login WordPress < 1.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.5CVSS5.7AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.11 views

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid < 7.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.5CVSS5.8AI score0.00279EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.13 views

Sensei Pro (WC Paid Courses) < 4.24.0.1.24.0 - Authenticated (Student+) Stored Cross-Site Scripting

Description The Sensei Pro WC Paid Courses plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.23.1.1.23.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Student-level acces...

6.5CVSS5.8AI score0.00353EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.18 views

Rife Free < 2.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Rife Free theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-leve...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.9 views

TemplatesNext OnePager <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The TemplatesNext OnePager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.14 views

YITH WooCommerce Tab Manager < 1.35.1 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The YITH WooCommerce Tab Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.35.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-leve...

5.9CVSS5.7AI score0.00279EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.13 views

Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure

Description The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 5.1.3 exclusive for Widget Options - Extended and all versions up to, and including, 4.0.1 for Widget Options. This makes it possible for unauthenticated attackers ...

6.5CVSS6.3AI score0.00422EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.18 views

ElementsKit PRO < 3.6.3 - Authenticated (Contributor+) Server-Side Request Forgery

Description The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations...

9.6CVSS6.6AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.11 views

RestroPress – Online Food Ordering System < 3.1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.5CVSS5.7AI score0.00276EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.15 views

Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection

Description The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.2AI score0.00441EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.18 views

Visualizer < 3.11.2 - Authenticated (Subscriber+) SQL Injection

Description The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the saveQuery function in all versions up to, and including, 3.11.1 due to a missing capability check on a function that runs SQL Queries. This makes it possible for...

8.8CVSS7.3AI score0.00441EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.15 views

Heateor Social Login WordPress < 1.1.33 - Unauthenticated Stored Cross-Site Scripting

Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS5.9AI score0.00272EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.10 views

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin < 1.0.22 - Missing Authorization to Limited Privilege Escalation

Description The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This...

7.3CVSS6.6AI score0.00542EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.16 views

Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.12 - Authenticated (Subscriber+) Information Exposure

Description The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

5.3CVSS6.4AI score0.00345EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.16 views

Theme < 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Event theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.13 views

Folders Pro < 3.0.3 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload

Description The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handlefoldersfileupload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to...

8.8CVSS7.7AI score0.03303EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.17 views

Kenta Blocks – Responsive Blocks and block templates library < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Kenta Blocks – Responsive Blocks and block templates library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.15 views

Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section

Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group PoC The PoC will be displayed on June 26, 2024, to give users t...

6.5AI score0.00193EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.16 views

LA-Studio Element Kit for Elementor < 1.3.7.4 - Missing Authorization

Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to perform an unauthorized action...

8.8CVSS6.7AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

Album Gallery – WordPress Gallery < 1.5.8 - Missing Authorization

Description The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxalbumgallery and agsavesettings functions in versions up to, and including, 1.5.7. This makes it possible for authenticated...

8.8CVSS6.4AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

5.5AI score0.00335EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

Ovic Importer <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Download

Description The Ovic Importer plugin for WordPress is vulnerable to Arbitrary File Download Traversal in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, whi...

7.5CVSS6.4AI score0.00528EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.12 views

Block for Font Awesome < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Block for Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.11 views

Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! < 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widge

Description The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to...

6.4CVSS5.8AI score0.00411EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.16 views

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget

Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitizati...

6.4CVSS5.8AI score0.00401EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.12 views

Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

6.4AI score0.00193EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.10 views

BuddyPress Cover <= 2.1.4.2 - Unauthenticated Arbitrary File Upload

Description The BuddyPress Cover plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.4.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...

10CVSS8AI score0.00511EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection

Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. Thi...

9.8CVSS7.3AI score0.00675EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.11 views

Dashboard Widgets Suite < 3.4.4 - Reflected Cross-Site Scripting

Description The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

6.1CVSS6.3AI score0.00369EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.11 views

Divi Torque Lite – Divi Theme and Extra Theme < 4.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

Description The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘supportunfilteredfilesupload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS5.8AI score0.00346EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.10 views

BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library < 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping on...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.15 views

WPQA < 6.1.1 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

5.5AI score0.00329EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.9 views

GDPR/CCPA Cookie Consent Banner < 3.2.1 - Missing Authorization via handle_consent_toggle()

Description The GDPR/CCPA Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleconsenttoggle function in versions up to, and including, 3.2. This makes it possible for unauthenticated attackers to toggle conse...

7.3CVSS6.7AI score0.00278EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602