Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.17 views

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

Description The Sensei LMS and Sensei Pro WC Paid Courses plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flushrewriterules function in versions up to, and including, 4.23.1 and . 4.24.0.1.24.0 respectively. This makes it possible...

6.4AI score0.00525EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.11 views

Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow < 1.4.0 - Missing Authorization

Description The Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxmediaslider and mssavesettings functions in versions up to, and including, 1.3.9. This...

8.8CVSS6.4AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

WP Time Slots Booking Form < 1.2.11 - Unauthenticated Stored Cross-Site Scripting

Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.1CVSS6AI score0.00308EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

Easy Forms for Mailchimp <= 6.9.0 - Missing Authorization

Description The Easy Forms for Mailchimp plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.9.0. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7.3CVSS6.7AI score0.00316EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.11 views

Dashboard To-Do List < 1.3.0 - Missing Authorization via ardtdw_widgetsetup()

Description The Dashboard To-Do List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ardtdwwidgetsetup function in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level acces...

8.8CVSS6.4AI score0.00333EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.17 views

WPBakery Page Builder < 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute

Description The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vcsingleimage shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.18 views

Extra Product Options for WooCommerce < 3.0.7 - Missing Authorization

Description The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epofwgetdatabasedoncd and epofwchangefieldbasedontype functions in versions up to, and including, 3.0.6. This makes it possible fo...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.12 views

WP Visitors Tracker < 2.4 - Reflected Cross-Site Scripting

Description The WP Visitors Tracker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00288EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) < 5.2.4 - Cross-Site Request Forgery

Description The Analytify – Google Analytics Dashboard For WordPress GA4 analytics made easy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.3. This is due to missing or incorrect nonce validation on the wpacheckauthentication function...

8.8CVSS6.6AI score0.00202EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.10 views

Kognetiks Chatbot for WordPress < 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

6.5CVSS5.7AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.17 views

Bosa Elementor Addons and Templates for WooCommerce < 1.0.13 - Missing Authorization

Description The Bosa Elementor Addons and Templates for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the startimporter and pluginrequirements functions in versions up to, and including, 1.0.12. This makes it possible for...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.11 views

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.20 - Missing Authorization

Description The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc4bpshopprofilesyncajax function in versions up to, and including, 3.4.19. This makes it...

8.8CVSS6.4AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.12 views

Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

Description The plugin allows any authenticated user to join a private group due to a missing authorization check on a function PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

6.3AI score0.00374EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery < 1.4.6 - Missing Authorization

Description The Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaximagegallery and igsavesettings functions in versions up to, and including, 1.4.5. This...

8.8CVSS6.4AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.10 views

Upunzipper <= 1.0.0 - Authenticated (Admin+) Arbitrary File Deletion

Description The Upunzipper plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote cod...

8.6CVSS7.3AI score0.00605EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

ElasticPress < 5.1.2 - Data Sync via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...

4.3CVSS6.5AI score0.00185EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.17 views

Copymatic – AI Content Writer & Generator < 2.0 - Missing Authorization

Description The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the copymaticimportarticle function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, wit...

8.8CVSS6.4AI score0.00295EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.16 views

Bloglo < 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Bloglo theme for WordPress is vulnerable to Stored Cross-Site Scripting via author names in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.15 views

Tickera < 3.5.2.7 - Missing Authorization

Description The Tickera plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateticketpreview function in versions up to, and including, 3.5.2.6. This makes it possible for authenticated attackers, with contributor-level access and above,...

8.8CVSS6.4AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.15 views

Leyka < 3.31.2 - Missing Authorization

Description The Leyka plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sendCardCheck function in versions up to, and including, 3.31.1. This makes it possible for unauthenticated attackers to perform a card check...

5.3CVSS6.7AI score0.00381EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.18 views

Eduma < 5.4.8 - Reflected Cross-Site Scripting

Description The Eduma plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 5.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00288EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.13 views

WP Time Slots Booking Form < 1.2.12 - Missing Authorization

Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the datamanagement function in versions up to, and including, 1.2.11. This makes it possible for unauthenticated attackers to view slot data...

9.8CVSS6.6AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.11 views

SC filechecker <= 0.6 - Authenticated (Admin+) Arbitrary File Deletion

Description The SC filechecker plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote...

8.6CVSS7.3AI score0.00605EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.8 views

Advanced Woo Labels – Product Labels for WooCommerce < 1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Advanced Woo Labels – Product Labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.18 views

EmbedPress < 3.9.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL

Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input...

6.4CVSS5.7AI score0.00344EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.20 views

Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

6.4AI score0.00193EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.16 views

WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

6.5AI score0.00372EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send

Description The WooCommerce Dropshipping Premium plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on a function in all versions up to, and including, 5.0.4. This makes it possible for unauthenticated attackers to send arbitrary emails...

5.3CVSS6.8AI score0.00313EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.10 views

Radcliffe 2 < 2.0.18 - Missing Authorization

Description The radcliffe-2 theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to perform an unauthorized action...

5.3CVSS6.7AI score0.00313EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.15 views

Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.2 - Missing Authorization

Description The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxslideresponsive and srsavesettings functions in versions up to, and including, 1.4.0. This makes it...

8.8CVSS6.4AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.13 views

Strategery Migrations <= 1.0 - Unauthenticated Arbitrary File Deletion

Description The Strategery Migrations plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the server which can lead to remote code execution...

7.5CVSS7.5AI score0.00558EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.17 views

12 Step Meeting List < 3.14.34 - Reflected Cross-Site Scripting

Description The 12 Step Meeting List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.14.33 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.1CVSS6.3AI score0.0059EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.11 views

Newsletter - API v1 and v2 addon for Newsletter < 2.4.6 - Missing Authorization to Email Subscribers Management

Description The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the checkapikey function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create o...

6.5CVSS6.9AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.13 views

Visual Composer Website Builder < 45.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 45.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

6.5CVSS5.7AI score0.00279EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.11 views

Master Addons for Elementor < 2.0.5.6 - Missing Authorization via get_jltma_save_menuitem_settings()

Description The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getjltmasavemenuitemsettings function in versions up to, and including, 2.0.5.4.1. This makes it possible for unauthenticated attackers to...

9.8CVSS6.7AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.13 views

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.110 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter

Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to blind SQL Injection via the ‘dataaddonID’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficie...

8.8CVSS7.2AI score0.00509EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.15 views

InstaWP Connect – 1-click WP Staging & Migration < 0.1.0.39 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation

Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to conne...

9.8CVSS6.7AI score0.04156EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.19 views

BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness

Description The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

6.5CVSS6.9AI score0.00388EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.7 views

ARMember < 4.0.28 - Directory Traversal via X-FILENAME

Description The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...

7.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.14 views

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'getmanualcalendarevents' function in all versions up to, and including, 5.9.22 due to insufficient input...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.23 views

Events Addon for Elementor < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

Description The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.15 views

Ocean Extra < 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget

Description The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.11 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS5.7AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.14 views

Icegram Express < 5.7.23 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id]

Description The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

8.8CVSS7.2AI score0.00454EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.11 views

Debug Log Manager < 2.3.2 - Missing Authorization

Description The Debug Log Manager plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getlatestentries and disablewpfileeditor functions in versions up to, and including, 2.3.1. This makes it possible for authenticated...

8.8CVSS6.4AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.13 views

Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Local File Inclusion

Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qiaddonsforelementorbloglist shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS7.2AI score0.00631EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.17 views

Blocksy < 2.0.51 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the customurl parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.4CVSS6.3AI score0.00288EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.12 views

Salon booking system < 10.0 - Missing Authorization

Description The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with...

5.4CVSS6.4AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.16 views

Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events

Description The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input...

6.4CVSS5.9AI score0.00341EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.19 views

Integrate Google Drive < 1.3.94 - Missing Authorization

Description The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and includin...

9.8CVSS6.7AI score0.0041EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14602