559 Total Results
Displaying 1-10 of 559
Attacker Value
Unknown
CVE-2024-12173
Disclosure Date: February 19, 2025 (last updated February 19, 2025)
The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0
Attacker Value
Unknown
CVE-2024-13726
Disclosure Date: February 17, 2025 (last updated February 17, 2025)
The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
0
Attacker Value
Unknown
CVE-2024-13627
Disclosure Date: February 17, 2025 (last updated February 17, 2025)
The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0
Attacker Value
Unknown
CVE-2024-13626
Disclosure Date: February 17, 2025 (last updated February 17, 2025)
The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0
Attacker Value
Unknown
CVE-2024-13625
Disclosure Date: February 17, 2025 (last updated February 17, 2025)
The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0
Attacker Value
Unknown
CVE-2024-13608
Disclosure Date: February 17, 2025 (last updated February 17, 2025)
The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
0
Attacker Value
Unknown
CVE-2024-13603
Disclosure Date: February 17, 2025 (last updated February 17, 2025)
The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.
0
Attacker Value
Unknown
CVE-2024-13306
Disclosure Date: February 15, 2025 (last updated February 15, 2025)
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0
Attacker Value
Unknown
CVE-2024-13208
Disclosure Date: February 15, 2025 (last updated February 15, 2025)
The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0
Attacker Value
Unknown
CVE-2024-7052
Disclosure Date: February 14, 2025 (last updated February 14, 2025)
The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0