Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 6 | 12 | 0 | 50.9% | HIGH |

Related CVEs

12
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2024-0852 | The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin | HIGH | 8.8 | | 43.2% | May 15, 2025 |
| CVE-2024-0868 | The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value | MEDIUM | 5.3 | | 37.9% | Apr 17, 2024 |
| CVE-2024-25093 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS. This issue affects GD Rating System: from n/a through 3.5. | MEDIUM | 6.1 | | 31.6% | Feb 29, 2024 |
| CVE-2023-46821 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection. This issue affects GD Security Headers: from n/a through 1.7. | HIGH | 7.2 | | 43.1% | Nov 6, 2023 |
| CVE-2023-40330 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. | MEDIUM | 6.1 | | 24.8% | Sep 27, 2023 |
| CVE-2023-3122 | The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | MEDIUM | 6.1 | | 37.0% | Jul 12, 2023 |
| CVE-2022-45816 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1 on WordPress. | MEDIUM | 5.4 | | | Dec 6, 2022 |
| CVE-2017-18591 | The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php. | NONE | | | 55.3% | Aug 27, 2019 |
| CVE-2015-5482 | Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | NONE | | | 75.8% | Aug 18, 2015 |
| CVE-2015-5481 | Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php. | NONE | | | 78.9% | Aug 18, 2015 |
| CVE-2014-2839 | SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php. | NONE | | | 73.4% | Jan 12, 2015 |
| CVE-2014-2838 | Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors. | NONE | | | 58.9% | Jan 12, 2015 |