Skip to main content

Wp Publications

2 CVEs product

Monthly

CVE-2024-11605 MEDIUM POC This Month

The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Publications
NVD WPScan Exploit-DB
CVSS 3.1
4.8
EPSS
1.2%
CVE-2021-38360 CRITICAL Act Now

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Path Traversal PHP Wp Publications
NVD
CVSS 3.1
9.8
EPSS
2.3%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Publications
NVD WPScan Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Path Traversal +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy