Lucene search
K
WpvulndbRecent

14602 matches found

WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.6 views

Pretty Google Calendar < 1.6.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via pretty_google_calendar shortcode

Description The Pretty Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.8 views

PayTR Taksit Tablosu <= 1.3.1 - Missing Authorization

Description The PayTR Taksit Tablosu plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on one of its functions in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to invoke this function with an unclear...

9.4AI score0.00409EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.12 views

WP Roadmap < 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Roadmap – Product Feedback Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.12 views

Community by PeepSo < 6.2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user avatars in all versions up to, and including, 6.2.2.0 due to insufficient input sanitization and output escaping on user supplie...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

WP Githuber MD < 1.16.3 - Authenticated (Author+) Arbitrary File Upload

Description The WP Githuber MD – WordPress Markdown Editor plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.16.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's...

9.6AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.14 views

WC Vendors Marketplace < 2.4.7.1 - Authenticated (Shop manager+) SQL Injection via search dates

Description The WC Vendors Marketplace plugin for WordPress is vulnerable to SQL Injection via search date parameters in versions up to, and including, 2.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.6CVSS7.5AI score0.00725EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.10 views

WP VK-付费内容插件 < 1.3.4 - Cross-Site Request Forgery via AJAX actions

Description The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on several of its AJAX actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.12 views

WPSchoolPress < 2.2.5 - Cross-Site Request Forgery

Description The WPSchoolPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.4. This is due to missing nonce validation on several functions called via AJAX actions in the /lib/wpsp-ajaxworks.php file. This makes it possible for...

6.7AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF

Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

8.8CVSS6.9AI score0.00264EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.14 views

Perfmatters < 2.1.7 - Missing Authorization

Description The Perfmatters plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.1.6. This makes it possible for subscriber-level attackers to invoke this function...

8.8CVSS9.3AI score0.00408EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read

Description The plugin discloses the content of password protected posts to unauthenticated users via a meta tag PoC In the web browser, view the source of any password protected post and check the og:description meta tag...

7.5CVSS6.7AI score0.00456EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

Accelerated Mobile Pages < 1.0.89 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.88.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.5CVSS5.8AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload

Description Multiple plugins for WordPress by Trustindex.io are vulnerable to arbitrary file uploads due to missing file type validation in the /tabs/featurerequest.php file in various versions. This makes it possible for authenticated attackers, with editor-level access and above, to upload...

7.5AI score0.00535EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.19 views

Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation

Description The Salon booking system plugin for WordPress is vulnerable to privilege escalation in all versions up to, but excluding, 8.7. This makes it possible for authenticated attackers, with editor-level access and above, to escalate their privileges to that of an administrator...

7.3AI score0.00524EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.9 views

License Manager for WooCommerce < 2.2.11 - Authenticated (Administrator+) SQL Injection

Description The License Manager for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...

7.6CVSS7.5AI score0.00697EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.37 views

Booster for WooCommerce < 7.1.2 - Authenticated (Subscriber+) Information Disclosure via Shortcode

Description The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcjgetoption' shortcode in versions up to, and including, 7.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers,...

6.5CVSS6.3AI score0.00615EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.9 views

Grab & Save <= 1.0.4 - Reflected Cross-Site Scripting

Description The Grab & Save plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.5AI score0.00434EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.11 views

Parallax Image < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.3AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.13 views

Display Custom Post <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Display Custom Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.9AI score0.00377EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.7 views

Bit Assist < 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Bit Assist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.9 views

Educare < 1.4.7 - Missing Authorization to Sensitive Information Exposure

Description The Educare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the educaregetdatafromstudents function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers, with subscriber-level permissions and...

6.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.12 views

TriPay Payment Gateway < 3.2.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.3AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.21 views

ChatBot < 4.7.9 - Authenticated (Administrator+) SQL Injection

Description The AI ChatBot plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in all versions up to, and including, 4.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.6CVSS7.7AI score0.00725EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.15 views

Booster for WooCommerce < 7.1.2 - Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure

Description The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the initatts function in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with subscriber-level access and...

6.5CVSS6.8AI score0.00593EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.8 views

Simply Exclude <= 2.0.6.6 - Reflected Cross-Site Scripting

Description The Simply Exclude plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.5AI score0.00358EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.33 views

Contact Form Email < 1.3.42 - Captcha Bypass

Description The Contact Form Email plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.3.41. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...

7.1AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

Import Spreadsheets from Microsoft Excel < 10.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Import Spreadsheets from Microsoft Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 10.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.5CVSS5.8AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.17 views

Bootstrap Shortcodes Ultimate <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Bootstrap Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.5CVSS5.9AI score0.00303EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.13 views

Landing Page Builder < 1.5.1.6 - Open Redirect

Description The Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.5.1.5. This is due to insufficient validation on the redirect url supplied via user input or request...

6.1CVSS7AI score0.0039EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.29 views

Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Perfmatters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to 2.2.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or...

6.5CVSS8AI score0.00368EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.15 views

Perfmatters < 2.1.7 - Reflected Cross-Site Scripting

Description The Perfmatters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

7.1CVSS8.6AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.8 views

Community by PeepSo < 6.2.7.0 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.4AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.10 views

Fast Custom Social Share by CodeBard <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Fast Custom Social Share by CodeBard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

5.9CVSS5.9AI score0.00386EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.15 views

myCred < 2.6.2 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.24 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...

4.3CVSS6.3AI score0.00529EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.68 views

Salient Core < 2.0.3 - Reflected Cross-Site Scripting

Description The salient-core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

7.1CVSS6.5AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.18 views

rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE

Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. PoC 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the...

7.2CVSS7.3AI score0.01331EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.15 views

eDoc Employee Job Application <= 1.13 - Reflected Cross-Site Scripting

Description The eDoc Employee Job Application – Best WordPress Job Manager for Employees plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping. This makes ...

7.1CVSS8.6AI score0.00412EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.14 views

Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The SpiderVPlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.9AI score0.00394EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.34 views

Mollie Payments for WooCommerce < 7.3.12 - Authenticated (Shop Manager+) Arbitrary File Upload

Description The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in one of its functions in all versions up to, and including, 7.3.11. This makes it possible for authenticated attackers, with Shop Manager access to...

9.1CVSS7.6AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.25 views

CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload

Description The CataBlog plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access and above to upload arbitrary files on the affected site's server which may make remote code...

8AI score0.00603EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.13 views

CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion

Description The CataBlog plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access or higher to delete arbitrary files on the affected site's server which may make site takeover...

6.8AI score0.00519EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.10 views

WP Discord Invite < 2.5.1 - Reflected Cross-Site Scripting via webhook

Description The WP Discord Invite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘webhook’ parameter in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.19 views

Easy Social Icons < 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Easy Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.9AI score0.00377EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.25 views

WP Forms Puzzle Captcha <= 4.1 - Captcha Bypass

Description The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Captcha Bypass in versions up to, and including, 2.8. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...

7.1AI score0.0038EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.15 views

Link Whisper Free < 0.6.6 - Authenticated (Contributor+) SQL Injection

Description The Link Whisper Free plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

8.5CVSS9.6AI score0.00561EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.14 views

Captcha Code < 3.0 - Captcha Bypass

Description The Captcha Code plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.9. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...

9.5AI score0.00352EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.12 views

Tainacan < 0.20.5 - Reflected Cross-Site Scripting

Description The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.20.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.5AI score0.00412EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.111 views

Yoast SEO < 21.1 - Authenticated (Seo Manager+) Stored Cross-Site Scripting

Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with seo manager-level access and above, to inject...

5.9CVSS5.9AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.6 views

Booking Calendar < 9.7.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Description The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 9.7.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.9AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities14602