CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23555 – WordPress Ui Slider Filter By Price plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23555
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ui Slider Filter By Price allows Reflected XSS. This issue affects Ui Slider Filter By Price: from n/a through 1.1. The Ui Slider Filter By Price plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts... • https://patchstack.com/database/wordpress/plugin/ui-slider-filter-by-price/vulnerability/wordpress-ui-slider-filter-by-price-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54419 – WordPress Ui Slider Filter By Price plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-54419
12 Dec 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Mansur Ahamed Ui Slider Filter By Price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through 1.1. The Ui Slider Filter By Price plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted t... • https://patchstack.com/database/wordpress/plugin/ui-slider-filter-by-price/vulnerability/wordpress-ui-slider-filter-by-price-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54750
https://notcve.org/view.php?id=CVE-2024-54750
06 Dec 2024 — Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before. • https://colorful-meadow-5b9.notion.site/U6-LR_HardCode_vuln-14bc216a1c30806487ebdda3bb984e91?pvs=4 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45205
https://notcve.org/view.php?id=CVE-2024-45205
04 Dec 2024 — An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later). An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a ma... • https://community.ui.com/releases/UniFi-iOS-10-18-0/42f02428-544c-4626-b5b3-5ae40308edc7 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-41721
https://notcve.org/view.php?id=CVE-2023-41721
25 Oct 2023 — Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. Instancias de la aplicación UniFi Network que (i) se ejecutan en una consola UniFi Gateway ... • https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 2%CPEs: 47EXPL: 1CVE-2023-35085
https://notcve.org/view.php?id=CVE-2023-35085
10 Aug 2023 — An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. An integer overflow vulnerability in all UniFi... • https://github.com/maoruiQa/CVE-2023-35085-POC-EXP • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 2%CPEs: 47EXPL: 0CVE-2023-38034
https://notcve.org/view.php?id=CVE-2023-38034
10 Aug 2023 — A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. A command injection vulnerability in the DHCP Client function of all Uni... • https://community.ui.com/releases/Security-Advisory-Bulletin-035-035/91107858-9884-44df-b1c6-63c6499f6e56 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31998
https://notcve.org/view.php?id=CVE-2023-31998
18 Jul 2023 — A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. • https://community.ui.com/releases/Security-Advisory-Bulletin-033-033/17f7c7c0-830b-4625-a2ee-e90e514e7b0f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32000
https://notcve.org/view.php?id=CVE-2023-32000
07 Jul 2023 — A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. • https://community.ui.com/releases/Security-Advisory-Bulletin-034-034/53cfcb84-b42b-4f8f-afbf-07c0ca7cabe2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28365
https://notcve.org/view.php?id=CVE-2023-28365
30 Jun 2023 — A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. • https://community.ui.com/releases/Security-Advisory-Bulletin-031-031/8c85fc64-e9a8-4082-9ec4-56b14effd545 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •