FULL. scan security - faça o scan do seu wordpress e encontre vulnerabilidades
Exibindo 100 de 1.428 ameaças
Core
×
Tipo | Software | Vulnerabilidade | Descoberta | Gravidade |
---|---|---|---|---|
Core | Não informado |
CVE-2025-0169
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Ver mais |
08/02/2025 |
Médio
6.4
|
Core | Não informado |
CVE-2025-25077
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3. Ver mais |
07/02/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2025-23614
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nik Sudan WordPress Additional Logins allows Reflected XSS. This issue affects WordPress Additional Logins: from n/a through 1.0.0. Ver mais |
03/02/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-23588
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WOW WordPress WOW Best CSS Compiler allows Reflected XSS. This issue affects WOW Best CSS Compiler: from n/a through 2.0.2. Ver mais |
03/02/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-22704
Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1. Ver mais |
03/02/2025 |
Médio
5.4
|
Core | Não informado |
CVE-2025-24563
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGlow Cleanup – Directory Listing & Classifieds WordPress Plugin allows Reflected XSS. This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through 1.0.4. Ver mais |
31/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-24659
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6. Ver mais |
24/01/2025 |
Alto
7.6
|
Core | Não informado |
CVE-2025-24666
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeIsle AI Chatbot for WordPress – Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through 1.2.2. Ver mais |
24/01/2025 |
Médio
5.9
|
Core | Não informado |
CVE-2025-24652
Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6. Ver mais |
24/01/2025 |
Médio
5.4
|
Core | Não informado |
CVE-2025-24588
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1. Ver mais |
24/01/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2024-13698
The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key. Ver mais |
24/01/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2025-23931
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3. Ver mais |
22/01/2025 |
Crítico
9.3
|
Core | Não informado |
CVE-2025-23867
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress File Search allows Reflected XSS. This issue affects WordPress File Search: from n/a through 1.2. Ver mais |
22/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-23535
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n/a through 0.1. Ver mais |
22/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-22735
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.4. Ver mais |
21/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2024-49333
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5. Ver mais |
21/01/2025 |
Alto
8.5
|
Core | Não informado |
CVE-2024-49300
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5. Ver mais |
21/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2024-49303
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5. Ver mais |
21/01/2025 |
Alto
8.5
|
Core | Não informado |
CVE-2025-23961
Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. Ver mais |
16/01/2025 |
Médio
5.4
|
Core | Não informado |
CVE-2025-23913
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through 1.0. Ver mais |
16/01/2025 |
Alto
8.5
|
Core | Não informado |
CVE-2025-23912
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through 2.3. Ver mais |
16/01/2025 |
Alto
8.5
|
Core | Não informado |
CVE-2025-23828
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS.This issue affects WordPress Data Guard: from n/a through 8. Ver mais |
16/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-23842
Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin: from n/a through 1.4. Ver mais |
16/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-23823
Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery.This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1. Ver mais |
16/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-23510
Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS.This issue affects WordPress Logging Service: from n/a through 1.5.4. Ver mais |
16/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-23435
Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0. Ver mais |
16/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-23423
Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through 1.4. Ver mais |
16/01/2025 |
Médio
4.3
|
Core | Não informado |
CVE-2025-0170
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Ver mais |
15/01/2025 |
Médio
6.1
|
Core | Não informado |
CVE-2025-22762
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Stored XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through 1.2.7. Ver mais |
15/01/2025 |
Médio
5.9
|
Core | Não informado |
CVE-2025-22813
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2. Ver mais |
09/01/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2025-22802
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS.This issue affects Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail: from n/a through 2.1.4. Ver mais |
09/01/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2025-22503
Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through 1.0.13. Ver mais |
07/01/2025 |
Médio
4.3
|
Core | Não informado |
CVE-2025-22349
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. Ver mais |
07/01/2025 |
Alto
7.6
|
Core | Não informado |
CVE-2025-22336
Cross-Site Request Forgery (CSRF) vulnerability in WordPress 智库 Wizhi Multi Filters by Wenprise allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through 1.8.6. Ver mais |
07/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2025-22298
Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6. Ver mais |
07/01/2025 |
Médio
4.3
|
Core | Não informado |
CVE-2024-56302
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ConvertCalculator ConvertCalculator for WordPress allows Stored XSS.This issue affects ConvertCalculator for WordPress: from n/a through 1.1.1. Ver mais |
02/01/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2024-56245
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.42. Ver mais |
02/01/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2024-56022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n/a through 1.2.3. Ver mais |
02/01/2025 |
Alto
7.1
|
Core | Não informado |
CVE-2023-46644
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8. Ver mais |
02/01/2025 |
Médio
6.5
|
Core | Não informado |
CVE-2023-45636
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.1. Ver mais |
02/01/2025 |
Médio
5.4
|
Core | Não informado |
CVE-2018-25106
A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patch is named 41230a81db0f671c570c2644bc2f80565ca83c5a. It is recommended to apply a patch to fix this issue. Ver mais |
23/12/2024 |
Médio
6.3
|
Core | Não informado |
CVE-2024-55998
Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36. Ver mais |
16/12/2024 |
Médio
5.4
|
Core | Não informado |
CVE-2024-54391
Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1. Ver mais |
16/12/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2024-54384
Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3. Ver mais |
16/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2024-54356
Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5. Ver mais |
16/12/2024 |
Médio
5.4
|
Core | Não informado |
CVE-2024-54321
Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support – WordPress Help Desk allows Cross Site Request Forgery.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.2. Ver mais |
13/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2024-54326
Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GEO my WordPress: from n/a through 4.5.0.4. Ver mais |
13/12/2024 |
Médio
6.5
|
Core | Não informado |
CVE-2024-54304
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support – WordPress Help Desk allows SQL Injection.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.2. Ver mais |
13/12/2024 |
Alto
8.5
|
Core | Não informado |
CVE-2024-54272
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Radius Blocks – WordPress Gutenberg Blocks: from n/a through 2.1.2. Ver mais |
13/12/2024 |
Médio
6.5
|
Core | Não informado |
CVE-2024-54274
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin – Octrace Support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin – Octrace Support: from n/a through 1.2.7. Ver mais |
13/12/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2024-54233
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0. Ver mais |
13/12/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2023-41951
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14. Ver mais |
13/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2023-33928
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0. Ver mais |
13/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2022-47429
Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data.This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin: from n/a through 2.2.0. Ver mais |
13/12/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2024-52480
Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. Ver mais |
09/12/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2023-48332
Missing Authorization vulnerability in Tech Banker Mail Bank - #1 Mail SMTP Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mail Bank - #1 Mail SMTP Plugin for WordPress: from n/a through 4.0.14. Ver mais |
09/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2023-28165
Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28. Ver mais |
09/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2023-28168
Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9. Ver mais |
09/12/2024 |
Baixo
3.7
|
Core | Não informado |
CVE-2023-25455
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0. Ver mais |
09/12/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2023-24375
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14. Ver mais |
09/12/2024 |
Baixo
3.5
|
Core | Não informado |
CVE-2023-23887
Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0. Ver mais |
09/12/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2023-23716
Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through 1.8.4. Ver mais |
09/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2024-54213
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12. Ver mais |
06/12/2024 |
Médio
6.5
|
Core | Não informado |
CVE-2024-54207
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7. Ver mais |
06/12/2024 |
Médio
5.9
|
Core | Não informado |
CVE-2024-51615
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. Ver mais |
06/12/2024 |
Crítico
9.3
|
Core | Não informado |
CVE-2024-52478
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. Ver mais |
02/12/2024 |
Médio
6.5
|
Core | Não informado |
CVE-2024-52479
Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. Ver mais |
02/12/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2024-52461
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinsta WordPress Hosting Infinite Slider allows Reflected XSS.This issue affects Infinite Slider: from n/a through 2.0.1. Ver mais |
02/12/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2024-12015
The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route. Ver mais |
02/12/2024 |
Alto
7.7
|
Core | Não informado |
CVE-2024-53788
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7. Ver mais |
30/11/2024 |
Médio
5.9
|
Core | Não informado |
CVE-2024-52481
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. Ver mais |
28/11/2024 |
Alto
7.5
|
Core | Não informado |
CVE-2024-51807
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White Digital Ltd AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress allows Stored XSS.This issue affects AgendaPress – Easily Publish Meeting Agendas and Programs on WordPress: from n/a through 1.0.8. Ver mais |
19/11/2024 |
Médio
6.5
|
Core | Não informado |
CVE-2024-51634
Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS.This issue affects Webriti Custom Login: from n/a through 0.3. Ver mais |
19/11/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2024-50541
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0. Ver mais |
19/11/2024 |
Médio
6.5
|
Core | Não informado |
CVE-2024-52431
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0. Ver mais |
18/11/2024 |
Crítico
9.8
|
Core | Não informado |
CVE-2024-52408
Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8. Ver mais |
16/11/2024 |
Crítico
9.9
|
Core | Não informado |
CVE-2024-52370
Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1. Ver mais |
14/11/2024 |
Crítico
9.9
|
Core | Não informado |
CVE-2024-52376
Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1. Ver mais |
14/11/2024 |
Crítico
10
|
Core | Não informado |
CVE-2024-51702
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody, Eric Holmes SrcSet Responsive Images for WordPress allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through 1.4. Ver mais |
09/11/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2024-51708
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo WordPress developer Narnoo Commerce Manager allows Reflected XSS.This issue affects Narnoo Commerce Manager: from n/a through 1.6.0. Ver mais |
09/11/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2024-51682
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through 1.3.0. Ver mais |
04/11/2024 |
Médio
5.4
|
Core | Não informado |
CVE-2024-44020
Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6. Ver mais |
01/11/2024 |
Alto
8.8
|
Core | Não informado |
CVE-2024-43268
Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50. Ver mais |
01/11/2024 |
Médio
5.4
|
Core | Não informado |
CVE-2024-43270
Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50. Ver mais |
01/11/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2024-43235
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10. Ver mais |
01/11/2024 |
Alto
7.1
|
Core | Não informado |
CVE-2024-39639
Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7. Ver mais |
01/11/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2024-38792
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234. Ver mais |
01/11/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2024-38690
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3. Ver mais |
01/11/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2024-37218
Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0. Ver mais |
01/11/2024 |
Médio
4.3
|
Core | Não informado |
CVE-2024-37226
Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. Ver mais |
01/11/2024 |
Médio
5.3
|
Core | Não informado |
CVE-2024-50459
Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. Ver mais |
29/10/2024 |
Crítico
9.8
|
Core | Não informado |
CVE-2024-50466
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. Ver mais |
29/10/2024 |
Alto
8.8
|
Core | Não informado |
CVE-2024-50427
Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. Ver mais |
29/10/2024 |
Crítico
9.9
|
Core | Não informado |
CVE-2024-50415
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a through 1.1.7.1. Ver mais |
29/10/2024 |
Médio
5.9
|
Core | Não informado |
CVE-2024-50496
Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2. Ver mais |
28/10/2024 |
Crítico
10
|
Core | Não informado |
CVE-2024-50451
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. Ver mais |
28/10/2024 |
Médio
5.4
|
Core | Não informado |
CVE-2024-50450
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. Ver mais |
28/10/2024 |
Crítico
9.8
|
Core | Não informado |
CVE-2024-49627
Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4. Ver mais |
20/10/2024 |
Alto
8.8
|
Core | Não informado |
CVE-2024-49231
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peter CyClop WordPress Video allows Stored XSS.This issue affects WordPress Video: from n/a through 1.0. Ver mais |
18/10/2024 |
Médio
5.4
|
Core | Não informado |
CVE-2024-49302
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7. Ver mais |
17/10/2024 |
Médio
6.5
|