Lucene search

K

Ragic, Inc. Security Vulnerabilities

cve
cve

CVE-2024-4636

The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-15 07:15 AM
7
freebsd
freebsd

glpi -- stored XSS

MITRE Corporation reports: inc/user.class.php in GLPI before 9.4.3 allows XSS via a user...

6.1CVSS

2.7AI Score

0.001EPSS

2019-02-25 12:00 AM
8
cvelist
cvelist

CVE-2024-4887 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion

The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level...

7.5CVSS

0.001EPSS

2024-06-07 03:21 AM
vulnrichment
vulnrichment

CVE-2024-32131 WordPress Download Manager plugin <= 3.2.82 - File Password Lock Bypass vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass.This issue affects Download Manager: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-17 08:18 AM
cve
cve

CVE-2024-0431

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the....

4.3CVSS

5.2AI Score

0.0004EPSS

2024-02-28 09:15 AM
63
cvelist
cvelist

CVE-2024-0431

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the....

4.3CVSS

4.5AI Score

0.0004EPSS

2024-02-28 08:33 AM
2
cvelist
cvelist

CVE-2024-3313 SUBNET PowerSYSTEM Server and Substation Server Reliance on Insufficiently Trustworthy Component

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server...

8.4CVSS

8.7AI Score

0.0004EPSS

2024-04-09 10:40 PM
1
cve
cve

CVE-2024-34564

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS.This issue affects Counter Up: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-05-08 11:15 AM
29
osv
osv

GeniXCMS SQL injection vulnerability

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to...

7.2CVSS

8.3AI Score

0.002EPSS

2022-05-14 01:20 AM
5
nvd
nvd

CVE-2024-34761

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

8.5CVSS

0.0004EPSS

2024-06-10 04:15 PM
3
nvd
nvd

CVE-2024-4788

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...

4.3CVSS

4.4AI Score

0.0004EPSS

2024-06-06 02:15 AM
1
cvelist
cvelist

CVE-2024-34761 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before...

8.5CVSS

0.0004EPSS

2024-06-10 03:34 PM
3
cvelist
cvelist

CVE-2024-34564 WordPress Counter Up plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Inc. Counter Up allows Stored XSS.This issue affects Counter Up: from n/a through...

6.5CVSS

7.3AI Score

0.0004EPSS

2024-05-08 11:03 AM
cvelist
cvelist

CVE-2024-30445 WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-29 04:57 PM
1
nvd
nvd

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before...

9.9CVSS

0.0004EPSS

2024-06-10 04:15 PM
2
nvd
nvd

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-05-15 05:15 PM
2
cvelist
cvelist

CVE-2024-4329 Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access.....

6.4CVSS

6AI Score

0.0004EPSS

2024-05-11 06:43 AM
vulnrichment
vulnrichment

CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-10 09:32 AM
cvelist
cvelist

CVE-2024-34567 WordPress Easy Notify Lite plugin <= 1.1.29 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

5.9CVSS

6.1AI Score

0.0004EPSS

2024-05-17 06:07 AM
vulnrichment
vulnrichment

CVE-2024-34567 WordPress Easy Notify Lite plugin <= 1.1.29 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through...

5.9CVSS

6.8AI Score

0.0004EPSS

2024-05-17 06:07 AM
cve
cve

CVE-2024-5638

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS

6AI Score

0.001EPSS

2024-06-08 06:15 AM
22
cve
cve

CVE-2024-25936

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-15 01:15 PM
40
nvd
nvd

CVE-2024-3946

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS

4.7AI Score

0.0004EPSS

2024-05-30 05:15 AM
2
cve
cve

CVE-2024-4361

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-21 11:15 AM
31
cvelist
cvelist

CVE-2024-3947 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings...

4.3CVSS

4.7AI Score

0.0005EPSS

2024-05-30 04:31 AM
cvelist
cvelist

CVE-2024-1778

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-02-23 06:48 AM
cvelist
cvelist

CVE-2024-5638 Formula <= 0.5.1 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS

0.001EPSS

2024-06-08 05:44 AM
2
cve
cve

CVE-2024-4041

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS

6.3AI Score

0.001EPSS

2024-05-14 03:42 PM
13
cvelist
cvelist

CVE-2024-4041 Yoast SEO <= 22.5 - Reflected Cross-Site Scripting

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS

6.4AI Score

0.001EPSS

2024-05-09 08:03 PM
1
nvd
nvd

CVE-2024-5646

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

0.001EPSS

2024-06-11 09:15 PM
1
nvd
nvd

CVE-2024-3313

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server...

8.4CVSS

8.6AI Score

0.0004EPSS

2024-04-09 11:15 PM
cve
cve

CVE-2024-1778

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to...

4.3CVSS

5.3AI Score

0.0004EPSS

2024-02-23 07:15 AM
49
cvelist
cvelist

CVE-2024-1779

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-02-23 06:48 AM
cvelist
cvelist

CVE-2024-31110 WordPress Contact Form 7 Newsletter plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through...

7.1CVSS

7.1AI Score

0.0004EPSS

2024-03-31 06:57 PM
cvelist
cvelist

CVE-2024-5646 Futurio Extra <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget

The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘header_size’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated....

6.4CVSS

0.001EPSS

2024-06-11 08:33 PM
1
debiancve
debiancve

CVE-2023-52739

In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn:1304ca ...

7.2AI Score

0.0004EPSS

2024-05-21 04:15 PM
cve
cve

CVE-2024-31110

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through...

7.1CVSS

9.3AI Score

0.0004EPSS

2024-03-31 07:15 PM
28
cvelist
cvelist

CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

0.001EPSS

2024-06-08 05:44 AM
2
cve
cve

CVE-2024-3313

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server...

8.4CVSS

7AI Score

0.0004EPSS

2024-04-09 11:15 PM
25
cvelist
cvelist

CVE-2024-5489 Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level.....

4.3CVSS

4.3AI Score

0.001EPSS

2024-06-06 11:33 AM
2
vulnrichment
vulnrichment

CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

6.4AI Score

0.001EPSS

2024-06-08 05:44 AM
nvd
nvd

CVE-2024-5613

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS

0.001EPSS

2024-06-08 06:15 AM
2
github
github

GeniXCMS SQL injection vulnerability

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to...

7.2CVSS

8.3AI Score

0.002EPSS

2022-05-14 01:20 AM
4
githubexploit
githubexploit

Exploit for Use After Free in Linux Linux Kernel

CVE-2022-2586-LPE LPE N-day Exploit for...

7.8CVSS

7.2AI Score

0.0004EPSS

2022-09-03 07:04 PM
1059
vulnrichment
vulnrichment

CVE-2024-4364 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-06 03:32 AM
nvd
nvd

CVE-2024-4364

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-06 04:15 AM
1
cve
cve

CVE-2024-1716

The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

4.3CVSS

6.3AI Score

0.001EPSS

2024-05-02 05:15 PM
21
cve
cve

CVE-2024-4364

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

6AI Score

0.0004EPSS

2024-06-06 04:15 AM
24
cve
cve

CVE-2024-4634

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-16 11:15 AM
27
cve
cve

CVE-2024-2334

The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author....

6.4CVSS

7.7AI Score

0.0004EPSS

2024-04-09 07:15 PM
31
Total number of security vulnerabilities288358