Wpdeveloper Security Vulnerabilities


CVE-2024-31284

Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through...

9.8 CVSS

6.5 AI Score

0.001 EPSS

2024-06-09 07:15 PM
26

CVE-2024-30226

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs. This issue affects BetterDocs: from n/a through...

9 CVSS

6.8 AI Score

0.0004 EPSS

2024-03-28 05:15 AM
29

CVE-2024-31274

Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through...

5.3 CVSS

5.4 AI Score

0.0004 EPSS

2024-06-09 12:15 PM
29

CVE-2024-30467

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg. This issue affects Essential Blocks for Gutenberg: from n/a through...

6.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-06-09 11:15 AM
22

CVE-2024-34764

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through...

6.5 CVSS

7 AI Score

0.0004 EPSS

2024-06-03 12:15 PM
25

CVE-2023-41955

Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from n/a through...

8.8 CVSS

6.9 AI Score

0.0004 EPSS

2024-05-17 07:15 AM
36

CVE-2024-32717

Missing Authorization vulnerability in WPDeveloper SchedulePress. This issue affects SchedulePress: from n/a through...

6.5 CVSS

6.8 AI Score

0.0004 EPSS

2024-05-14 03:37 PM
34

CVE-2024-5188

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization...

6.4 CVSS

6.1 AI Score

0.001 EPSS

2024-06-06 11:15 AM
22

CVE-2024-5571

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and...

6.4 CVSS

6 AI Score

0.001 EPSS

2024-06-05 09:15 AM
24

CVE-2024-31306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through...

6.5 CVSS

9.2 AI Score

0.0004 EPSS

2024-04-07 06:15 PM
24

CVE-2024-0586

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output...

6.5 CVSS

5.2 AI Score

0.0004 EPSS

2024-02-05 10:16 PM
14

CVE-2024-0585

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and...

5.4 CVSS

5.2 AI Score

0.0004 EPSS

2024-02-05 10:16 PM
20

CVE-2024-0954

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient...

6.4 CVSS

5.6 AI Score

0.0004 EPSS

2024-02-05 10:16 PM
14

CVE-2023-6623

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion...

9.8 CVSS

9.2 AI Score

0.093 EPSS

2024-01-15 04:15 PM
43

CVE-2023-7071

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it...

6.4 CVSS

5.2 AI Score

0.001 EPSS

2024-01-11 09:15 AM
6

CVE-2023-6986

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient...

6.4 CVSS

5.2 AI Score

0.001 EPSS

2024-01-03 07:15 AM
18

CVE-2023-7044

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it.....

6.4 CVSS

5.2 AI Score

0.001 EPSS

2024-01-04 10:15 AM
13

CVE-2023-49184

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Parallax Slider Block allows Stored XSS. This issue affects Parallax Slider Block: from n/a through...

5.9 CVSS

5.8 AI Score

0.0004 EPSS

2023-12-15 03:15 PM
32

CVE-2023-5750

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1 CVSS

6 AI Score

0.0005 EPSS

2023-12-11 08:15 PM
10

CVE-2023-5749

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1 CVSS

6 AI Score

0.0005 EPSS

2023-12-11 08:15 PM
15

CVE-2023-32245

Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro. This issue affects Essential Addons for Elementor Pro: from n/a through...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-11-18 11:15 PM
29

CVE-2022-46809

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce. This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-11-07 05:15 PM
8

CVE-2023-4402

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...

9.8 CVSS

9.4 AI Score

0.001 EPSS

2023-10-20 07:15 AM
19

CVE-2023-2085

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a...

4.3 CVSS

4.3 AI Score

0.001 EPSS

2023-06-09 06:16 AM
13

CVE-2023-2087

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged...

4.3 CVSS

4.2 AI Score

0.001 EPSS

2023-06-09 06:16 AM
13

CVE-2023-2083

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is...

4.3 CVSS

4.3 AI Score

0.001 EPSS

2023-06-09 06:16 AM
12

CVE-2023-3779

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers.....

5.3 CVSS

5.7 AI Score

0.001 EPSS

2023-07-20 06:15 AM
2332

CVE-2023-2086

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While.....

4.3 CVSS

4.3 AI Score

0.001 EPSS

2023-06-09 06:16 AM
15

CVE-2023-4283

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS

5.2 AI Score

0.001 EPSS

2023-08-10 12:15 PM
14

CVE-2023-4282

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or.....

5.4 CVSS

4.6 AI Score

0.001 EPSS

2023-08-10 12:15 PM
15

CVE-2023-3371

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to...

7.5 CVSS

7.6 AI Score

0.001 EPSS

2023-06-27 02:15 AM
14

CVE-2023-2833

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...

8.8 CVSS

8.4 AI Score

0.001 EPSS

2023-06-06 10:15 AM
20

CVE-2023-2084

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

4.3 CVSS

4.3 AI Score

0.001 EPSS

2023-06-09 06:16 AM
10

CVE-2020-36744

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via.....

4.3 CVSS

4.2 AI Score

0.001 EPSS

2023-07-01 05:15 AM
6

CVE-2023-4386

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin......

8.1 CVSS

8.3 AI Score

0.001 EPSS

2023-10-20 08:15 AM
31

CVE-2023-32241

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-08-29 09:15 PM
20

CVE-2023-32243

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through...

9.8 CVSS

9.4 AI Score

0.097 EPSS

2023-05-12 08:15 AM
445
In Wild

CVE-2023-26325

The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns'...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2023-02-23 08:15 PM
22

CVE-2021-24353

The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2021-06-14 02:15 PM
42

CVE-2021-24352

The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2021-06-14 02:15 PM
37

CVE-2021-24356

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2021-06-14 02:15 PM
36
2

CVE-2021-24355

In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the....

4.3 CVSS

4.9 AI Score

0.001 EPSS

2021-06-14 02:15 PM
35

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL...

9.8 CVSS

9.7 AI Score

0.024 EPSS

2022-03-07 09:15 AM
152

CVE-2022-0683

The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a page that executes...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-02-24 07:15 PM
125

CVE-2022-0320

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before using them in include statements, which could allow unauthenticated attackers to perform a Local File Inclusion attack and read arbitrary files on the server, this could also lead...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-02-01 01:15 PM
123

CVE-2021-24812

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-11-23 08:15 PM
19

CVE-2021-24633

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to...

4.3 CVSS

4.4 AI Score

0.001 EPSS

2021-09-27 04:15 PM
20

CVE-2021-24354

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2021-06-14 02:15 PM
37

CVE-2021-24255

The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-05-05 07:15 PM
41

CVE-2017-18503

The twitter-cards-meta plugin before 2.5.0 for WordPress has...

6.1 CVSS

6.4 AI Score

0.001 EPSS

2019-08-12 04:15 PM
27
Total number of security vulnerabilities: 51