538 results (0.002 seconds)

CVSS: -EPSS: %CPEs: 2EXPL: 1

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. • https://wpscan.com/vulnerability/81320923-767c-43f0-a8eb-b398c306c16f •

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 1

The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks • https://wpscan.com/vulnerability/eb2d0932-fd47-4aef-9d08-4377c742bb6e •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/3c4ff11b-4a06-433d-8f0e-4069865721c0 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack • https://wpscan.com/vulnerability/9bc18c41-fc4c-48c9-bcec-323c502ae620 •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. • https://wpscan.com/vulnerability/f0f4a33c-9dd2-45ee-82e7-4b8bc2c20094 •