Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.17 views

Easy Form Builder < 3.7.5 - Authenticated (Contributor+) SQL Injection

Description The Easy Form Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.7.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

8.5CVSS7.5AI score0.00488EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.26 views

MasterStudy LMS < 3.3.4 - Unauthenticated Local File Inclusion via template

Description The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...

9.8CVSS7.9AI score0.05018EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

Ultimate Social Comments – Email Notification & Lazy Load <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Ultimate Social Comments – Email Notification & Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.16 views

WP Directory Kit < 1.3.1 - Authenticated (Subscriber+) SQL Injection

Description The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attributevalue' and 'attributeid' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

8.8CVSS7.3AI score0.01869EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.19 views

Paid Memberships Pro – Mailchimp Add On < 2.3.5 - Unauthenticated Information Disclosure

Description The Paid Memberships Pro – Mailchimp Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.4 via log files. This makes it possible for unauthenticated attackers to extract information from log files...

5.3CVSS6.6AI score0.00447EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.13 views

Booking Package < 1.6.29 - Unauthenticated Price Manipulation

Description The Booking Package plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 1.6.27. This is due to insufficient validation on the pricing data being passed to the server. This makes it possible for unauthenticated attackers to modify the price of...

7AI score0.00224EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

Responsive flipbook <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Responsive flipbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.18 views

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.8 views

Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link

Description The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00344EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.14 views

FG PrestaShop to WooCommerce < 4.47.0 - Unauthenticated Sensitive Information Disclosure

Description The FG PrestaShop to WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.45.1. This makes it possible for unauthenticated attackers to view data in log files...

5.3CVSS7AI score0.0047EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

User Rights Access Manager <= 1.1.2 - Reflected Cross-Site Scripting

Description The User Rights Access Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

5.8CVSS6.3AI score0.00306EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.16 views

HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.2 - Cross-Site Request Forgery

Description The HUSKY – Products Filter for WooCommerce formerly WOOF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated...

8.8CVSS6.7AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

WholesaleX < 1.3.3 - Unauthenticated Privilege Escalation

Description The WholesaleX – WooCommerce Wholesale Plugin Wholesale Prices, Dynamic Pricing, Tiered Pricing plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to escalate their privileges...

9.8CVSS7AI score0.00538EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.19 views

Brave Popup Builder < 0.6.6 - Unauthenticated Server-Side Request Forgery

Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.6.5. This makes it possible for unauthenticated attackers to make web requests to...

5.4CVSS6.8AI score0.00305EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.16 views

Sponsors <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00357EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.16 views

Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference

Description The Thumbs Rating plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.0 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action...

6.8AI score0.00436EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.21 views

WP Express Checkout (Accept PayPal Payments) < 2.3.8 - Unauthenticated Price Manipulation

Description The WP Express Checkout Accept PayPal Payments plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 2.3.7. This is due to insufficient validation on the pricing data being passed to the server. This makes it possible for unauthenticated...

7.5CVSS6.5AI score0.00521EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.20 views

Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization

Description The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.15.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfor...

8.8CVSS6.5AI score0.00361EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.21 views

Custom post types, Custom Fields & more < 5.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post me...

6.4CVSS5.8AI score0.00435EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.14 views

CMB2 < 2.11.0 - Authenticated (Contributor+) PHP Object Injection

Description The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, ...

7.5CVSS7.5AI score0.00822EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.26 views

wp-forecast < 9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The wp-forecast plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00348EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

WP Twitter Mega Fan Box Widget <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Twitter Mega Fan Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00339EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.21 views

10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection

Description The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.6CVSS7.5AI score0.00541EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.24 views

Import Export WordPress Users < 2.5.3 - Authenticated (Shop Manager+) Path Traversal

Description The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with shop manager-level access and above, to read the contents of arbitrary files on the...

4.3CVSS6.5AI score0.00517EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.22 views

LearnPress < 4.2.6.4 - Insecure Direct Object Reference

Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated...

6.5CVSS6.2AI score0.00391EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.14 views

Gutenberg Blocks by Kadence Blocks < 3.2.26 - Authenticated (Author+) Server-Side Request Forgery

Description The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.25. This makes it possible for authenticated attackers, with author-level access and above, to make web requests t...

6.5CVSS6.7AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

WP Travel Engine < 5.8.0 - Authenticated (Administrator+) SQL Injection

Description The WP Travel Engine plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers...

7.6CVSS7.5AI score0.00574EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.17 views

Newsletter < 8.2.1 - IP Spoofing

Description The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 8.2.0 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP address and bypas...

5.3CVSS9.3AI score0.00494EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

Watu Quiz < 3.4.1.1 - Sensitive Information Disclosure

Description The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta...

4.3CVSS5.3AI score0.005EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.16 views

Paid Memberships Pro – Payfast Gateway Add On < 1.4.2 - Unauthenticated Information Exposure

Description The Paid Memberships Pro – Payfast Gateway Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.1 via log files. This makes it possible for unauthenticated attackers to extract potentially sensitive information from log...

5.3CVSS6.5AI score0.0047EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.15 views

ProfileGrid < 5.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.2 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...

6.5CVSS6.5AI score0.00455EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.17 views

OSS Aliyun < 1.4.11 - Authenticated (Administrator+) SQL Injection

Description The OSS Aliyun plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...

7.6CVSS7.3AI score0.00515EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.13 views

Passster < 4.2.6.5 - Contributor+ Stored XSS via content_protector Shortcode

Description The plugin does not validate and escape some of its contentprotector shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS6.4AI score0.00501EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.25 views

CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) SQL Injection

Description The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...

8.8CVSS7.3AI score0.00577EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.23 views

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) < 3.2.10 - Sensitive Information Exposure

Description The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the...

5.3CVSS7AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.8 views

pageMash > Page Management <= 1.3.0 - Reflected Cross-Site Scripting

Description The pageMash Page Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.10 views

Header Image Slider <= 0.3 - Reflected Cross-Site Scripting

Description The Header Image Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.5AI score0.00183EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

OpenID <= 3.6.1 - Reflected Cross-Site Scripting

Description The OpenID plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

7.1CVSS6.5AI score0.00395EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

Sliced Invoices < 3.9.3 - Missing Authorization

Description The Sliced Invoices plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the suretoemail function in versions up to, and including, 3.9.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to send...

8.8CVSS6.5AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Broken Images <= 0.2 - Cross-Site Request Forgery

Description The Broken Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

Description The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including...

6.5CVSS6.8AI score0.00525EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

GamiPress < 6.8.6 - Cross-Site Request Forgery

Description The GamiPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.8.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request...

4.3CVSS6.5AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting

Description The Appointment Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

7.1CVSS6.5AI score0.00395EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Creative Image Slider – Responsive Slider Plugin < 2.5.0 - Reflected Cross-Site Scripting

Description The Creative Image Slider – Responsive Slider Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.1CVSS6.3AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Web Icons < 1.0.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Web Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

Contact Form 7 Newsletter <= 2.2 - Reflected Cross-Site Scripting

Description The Contact Form 7 Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

Tainacan < 0.20.8 - Missing Authorization

Description The Tainacan plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 0.20.7. This makes it possible for unauthenticated attackers to perform unauthorized actions...

9.8CVSS7AI score0.00438EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

Klarna Payments for WooCommerce < 3.3.0 - Missing Authorization

Description The Klarna Payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.8CVSS5.9AI score0.00478EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery

Description The Change default login logo,url and title plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce. This makes it possible for unauthenticated attackers to perform an unauthorized action and...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.29 views

Slider by Supsystic < 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Slider by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603