Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-2172 The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the bad... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-2173 The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the bad... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-2174 The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-2188 The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter ... | 7.2 | HIGH | — | 0 |
| CVE-2023-2229 The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and... | 8.8 | HIGH | — | 0 |
| CVE-2023-2279 The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_d... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-2352 The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd... | 4.3 | MEDIUM | — | 0 |
| CVE-2006-0570 Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username para... | N/A | NONE | — | 0 |
| CVE-2023-2353 The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-2354 The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to insuffici... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-3162 The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user bein... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3404 The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in th... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-3677 The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user suppl... | 8.8 | HIGH | — | 0 |
| CVE-2024-1691 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in al... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-1723 The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1751 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to ins... | 8.8 | HIGH | — | 0 |
| CVE-2024-1763 The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-49657 Missing Authorization vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D Work... | 7.7 | HIGH | — | 0 |
| CVE-2024-1772 The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of un... | 8.8 | HIGH | — | 0 |
| CVE-2024-1793 The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all ve... | 7.2 | HIGH | — | 0 |
| CVE-2024-1806 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1854 The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and includ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1894 The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all version... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1950 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted inpu... | 7.5 | HIGH | — | 0 |
| CVE-2024-1951 The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via short... | 7.5 | HIGH | — | 0 |
| CVE-2024-1985 The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitizat... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-1996 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1997 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2000 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2006 The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 vi... | 8.8 | HIGH | — | 0 |
| CVE-2024-2020 The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input san... | 7.2 | HIGH | — | 0 |
| CVE-2024-2030 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 du... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2172 The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() fun... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-2194 The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and o... | 7.2 | HIGH | — | 0 |
| CVE-2024-2238 The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2252 The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-2286 The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2293 The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and out... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2242 The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-2249 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-1795 The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.... | 8.8 | HIGH | — | 0 |
| CVE-2024-1796 The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-49658 Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.This issue affects W... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-2399 The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2294 The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_do... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-2308 The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-2042 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-49668 Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a thr... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-49669 Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a throu... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-1685 The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl p... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.