wpwax 漏洞與 CVE 列表(23)

產品(CPE): — CVE 數: 23

wpwax 漏洞概覽

彙總 wpwax 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 CSRF、路徑處理缺陷與檔案包含 相關,可能在 軟體部署與生產負載 場景中帶來 檔案覆寫與異常行為 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12023 CVE 數
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-1570 The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possi [email protected] 8.1 0.41% 2025-02-28 2026-06-17
CVE-2024-12041 The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users. [email protected] 5.3 0.38% 2025-02-01 2026-06-17
CVE-2025-24782 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate post-grid-carousel-ultimate allows PHP Local File Inclusion.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through <= 1.6.10. [email protected] 6.5 0.45% 2025-01-27 2026-06-17
CVE-2024-13409 The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass acce [email protected] 7.5 0.78% 2025-01-24 2026-06-17
CVE-2024-29925 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6. [email protected] 6.5 0.34% 2024-03-27 2026-06-17
CVE-2023-50886 Cross-Site Request Forgery (CSRF), Incorrect Authorization vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.3.7. [email protected] 4.3 0.21% 2024-03-15 2026-06-17
CVE-2024-2006 The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it c [email protected] 8.8 1.21% 2024-03-13 2026-06-17
CVE-2024-1950 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to [email protected] 7.5 1.15% 2024-03-13 2026-06-17
CVE-2024-1322 The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider. [email protected] 5.3 0.52% 2024-02-28 2026-06-17
CVE-2023-2252 The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. [email protected] 2.7 1.31% 2024-01-16 2026-06-17
CVE-2023-47824 Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator plugin <= 1.3.8 versions. [email protected] 5.4 0.25% 2023-11-22 2026-06-17
CVE-2023-41798 Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. [email protected] 5.1 0.50% 2023-11-07 2026-06-17
CVE-2023-1889 The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts. Please note CVE-2023-35052 appears to be a duplicate of this issue. [email protected] 6.5 0.61% 2023-06-09 2026-06-17
CVE-2023-1888 The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges. [email protected] 8.8 0.98% 2023-06-09 2026-06-17
CVE-2022-3961 The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information. [email protected] 6.5 0.70% 2022-12-19 2026-06-17
CVE-2022-3930 The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own. [email protected] 6.5 0.61% 2022-12-12 2026-06-17
CVE-2022-2376 The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users [email protected] 5.3 1.35% 2022-09-05 2026-06-17
CVE-2022-2377 The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog [email protected] 4.3 0.30% 2022-08-22 2026-06-17
CVE-2022-2046 The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. [email protected] 4.9 0.76% 2022-08-08 2026-06-17
CVE-2022-34853 Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress. [email protected] 4.1 0.46% 2022-07-22 2026-06-17
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence