Skip to main content

Ultimate Posts Widget

3 CVEs product

Monthly

CVE-2024-0561 MEDIUM POC This Month

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Posts Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3977 MEDIUM POC PATCH This Month

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Backup Migration Clone Duplicate Post +7
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-0958 MEDIUM PATCH This Month

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Backup Migration Clone Duplicate Post +8
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Posts Widget
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Backup Migration +9
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Backup Migration +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy