1183 matches found

WPVulnDB
added 2024/06/11 12:0 a.m., 13 views

Visual Composer Website Builder < 45.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting

Description: The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 45.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

CVSS 6.5, AI score 5.7, EPSS 0.00279
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2024/06/11 12:0 a.m., 3 views

SAP Document Builder Code Issue Vulnerability

SAP Document Builder is a content-driven cross-application solution from SAP, Germany. A code issue vulnerability exists in SAP Document Builder that originates from an authenticated attacker being able to upload malicious files to the service that can be accessed, modified, or made unavailable i...

CVSS 6.5, AI score 7, EPSS 0.00241
Exploits: 0, References: 5

Vulnrichment
added 2024/06/07 2:2 a.m., 31 views

CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...

CVSS 4.3, AI score 6.6, EPSS 0.00335
Exploits: 0, References: 3

Cvelist
added 2024/06/06 3:53 a.m., 29 views

CVE-2024-5161 Magical Addons For Elementor <= 1.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Magical Addons For Elementor Header Footer Builder, Free Elementor Widgets, Elementor Templates Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output...

CVSS 6.4, AI score 5.7, EPSS 0.00314
Exploits: 0, References: 3

Vulnrichment
added 2024/06/06 2:3 a.m., 10 views

CVE-2024-2350 Clever Addons for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple CAFE Widgets

The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4, AI score 5.8, EPSS 0.00329
Exploits: 0, References: 4

WPVulnDB
added 2024/06/06 12:0 a.m., 9 views

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization...

CVSS 6.4, AI score 5.8, EPSS 0.00263
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2024/06/05 7:15 a.m., 2 views

CVE-2024-5222

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

CVSS 5.4, AI score 5.9, EPSS 0.00315
Exploits: 0, References: 4

Packet Storm
added 2024/05/31 12:0 a.m., 255 views

BWL Advanced FAQ Manager 2.0.3 SQL Injection

Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is...

CVSS 4.7, AI score 7.1, EPSS 0.01307
Exploits: 3

Cvelist
added 2024/05/24 6:42 a.m., 24 views

CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xaiusername’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escapin...

CVSS 6.4, AI score 5.9, EPSS 0.00707
Exploits: 0, References: 3

OSV
added 2024/05/23 11:15 a.m., 1 views

UBUNTU-CVE-2024-5258

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic...

CVSS 4.4, AI score 5.8, EPSS 0.00275
Exploits: 1, References: 3

Vulnrichment
added 2024/05/22 8:31 a.m., 12 views

CVE-2024-4896 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4, AI score 5.8, EPSS 0.00322
Exploits: 0, References: 3

OSV
added 2024/05/22 8:15 a.m., 1 views

CVE-2024-4157

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...

CVSS 8.8, AI score 6
Exploits: 0, References: 2

Cvelist
added 2024/05/22 5:32 a.m., 25 views

CVE-2024-5092 Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets

The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 6.4, AI score 5.9, EPSS 0.00321
Exploits: 0, References: 4

WPVulnDB
added 2024/05/21 12:0 a.m., 6 views

Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'print-me' shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'tag'. This makes it...

CVSS 6.4, AI score 5.8, EPSS 0.00273
Exploits: 0, References: 1

WPVulnDB
added 2024/05/21 12:0 a.m., 14 views

Piotnet Addons For Elementor < 2.4.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes

Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 7.2, AI score 5.8, EPSS 0.0031
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/05/21 12:0 a.m., 11 views

Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets

Description: The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This...

CVSS 6.4, AI score 5.9, EPSS 0.00267
Exploits: 0, References: 1

Vulnrichment
added 2024/05/18 7:38 a.m., 14 views

CVE-2024-4709 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes i...

CVSS 7.2, AI score 5.8, EPSS 0.00387
Exploits: 0, References: 5

Cvelist
added 2024/05/16 8:32 a.m., 36 views

CVE-2024-3887 Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4, AI score 5.5, EPSS 0.00283
Exploits: 0, References: 2

CVE
added 2024/05/16 5:33 a.m., 57 views

CVE-2024-4279

Summary: CVE-2024-4279 affects Tutor LMS – eLearning and online course solution for WordPress. An insecure direct object reference vulnerability exists in the tutor_course_delete function caused by missing validation on a user-controlled key, enabling an authenticated attacker with Instructor-lev...

CVSS 6.5, AI score 6.5, EPSS 0.00418
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/05/14 4:17 p.m., 7 views

PYSEC-2024-264

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...

CVSS 5.4, AI score 6, EPSS 0.01559
Exploits: 0, References: 4