Show filters
462 Total Results
Displaying 11-20 of 462
Sort by:
Attacker Value
Unknown

CVE-2025-28905

Disclosure Date: March 11, 2025 (last updated March 12, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid allows Stored XSS. This issue affects Featured Posts Grid: from n/a through 1.7.
0
Attacker Value
Unknown

CVE-2025-23368

Disclosure Date: March 04, 2025 (last updated March 05, 2025)
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
Attacker Value
Unknown

CVE-2025-26999

Disclosure Date: March 03, 2025 (last updated March 04, 2025)
Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid allows Object Injection. This issue affects ProfileGrid : from n/a through 5.9.4.3.
0
Attacker Value
Unknown

CVE-2024-13796

Disclosure Date: February 28, 2025 (last updated March 07, 2025)
The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data.
Attacker Value
Unknown

CVE-2024-6261

Disclosure Date: February 27, 2025 (last updated March 12, 2025)
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'FinalTilesGallery' shortcode in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2025-27317

Disclosure Date: February 24, 2025 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid allows Cross Site Request Forgery. This issue affects RAYS Grid: from n/a through 1.3.1.
0
Attacker Value
Unknown

CVE-2024-13740

Disclosure Date: February 18, 2025 (last updated February 25, 2025)
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read private conversations of other users.
Attacker Value
Unknown

CVE-2024-13741

Disclosure Date: February 18, 2025 (last updated February 25, 2025)
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to download and view images, as well as validating if a non-image file exists, both on local or remote hosts.
Attacker Value
Unknown

CVE-2024-11831

Disclosure Date: February 10, 2025 (last updated February 27, 2025)
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
0
Attacker Value
Unknown

CVE-2025-0859

Disclosure Date: February 06, 2025 (last updated February 27, 2025)
The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.