CVE-2025-53582
- EPSS 0.04%
- Veröffentlicht 14.08.2025 18:21:52
- Zuletzt bearbeitet 15.08.2025 13:12:51
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a through 3.54.5.
CVE-2025-30624
- EPSS 0.05%
- Veröffentlicht 06.06.2025 13:15:31
- Zuletzt bearbeitet 06.06.2025 14:06:58
Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4.
CVE-2024-12176
- EPSS 0.11%
- Veröffentlicht 07.01.2025 05:15:15
- Zuletzt bearbeitet 07.01.2025 05:15:15
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthen...
CVE-2022-3069
- EPSS 0.33%
- Veröffentlicht 26.09.2022 13:15:10
- Zuletzt bearbeitet 22.05.2025 14:15:59
The WordLift WordPress plugin before 3.37.2 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.