Lucene search

K

Wp-plugins Security Vulnerabilities

cve
cve

CVE-2005-10002

A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able...

9.8CVSS

6.9AI Score

0.001EPSS

2023-10-29 03:15 PM
26
cve
cve

CVE-2007-10003

A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection....

8.8CVSS

9.1AI Score

0.001EPSS

2023-10-29 06:15 PM
31
cve
cve

CVE-2023-4962

The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS

5.2AI Score

0.001EPSS

2024-01-11 09:15 AM
15
cve
cve

CVE-2023-47223

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0...

4.8CVSS

4.9AI Score

0.0004EPSS

2023-11-08 07:15 PM
15
cve
cve

CVE-2022-47598

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin <= 1.1.2...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-04-24 03:15 PM
18
cve
cve

CVE-2021-42548

Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting...

6.1CVSS

6AI Score

0.001EPSS

2021-12-13 11:15 AM
21
cve
cve

CVE-2021-42549

Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting...

6.1CVSS

6AI Score

0.001EPSS

2021-12-13 11:15 AM
21
cve
cve

CVE-2021-42547

Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting...

6.1CVSS

6AI Score

0.001EPSS

2021-12-13 11:15 AM
16
cve
cve

CVE-2021-42546

Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting...

6.1CVSS

6AI Score

0.001EPSS

2021-12-13 11:15 AM
22
cve
cve

CVE-2013-2693

Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified...

7.4AI Score

0.002EPSS

2014-04-10 08:29 PM
17