CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

CNNVD•added 2024/08/26 12:0 a.m.•1 views

WordPress plugin Create by Mediavine 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS5.9AI score0.00641EPSS

Exploits0References2

Patchstack•added 2024/08/12 1:52 p.m.•2 views

WordPress Create by Mediavine plugin <= 1.9.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Create by Mediavine versions = 1.9.8...

7.5CVSS7AI score0.00641EPSS

Exploits0Affected Software1

Patchstack•added 2024/07/04 11:50 a.m.•2 views

WordPress Create by Mediavine plugin <= 1.9.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Create by Mediavine versions = 1.9.7...

6.5CVSS6.1AI score0.00143EPSS

Exploits0Affected Software1

ATTACKERKB•added 2024/06/27 8:15 a.m.•2 views

CVE-2024-5601

The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00233EPSS

Exploits0References5

Patchstack•added 2024/06/27 6:48 a.m.•2 views

WordPress Create by Mediavine plugin <= 1.9.7 - Contributor+ Stored Cross-Site Scripting via Schema Meta Shortcode vulnerability

Contributor+ Stored Cross-Site Scripting via Schema Meta Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Create by Mediavine versions = 1.9.7...

6.4CVSS5.8AI score0.00233EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/03/20 6:48 a.m.•10 views

CVE-2024-1711 Create by Mediavine <= 1.9.4 - Unauthenticated SQL Injection via 'id'

The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS7.2AI score0.01164EPSS

Exploits0References3

CNNVD•added 2024/03/20 12:0 a.m.•1 views

WordPress Plugin Create by Mediavine Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS7.5AI score0.01164EPSS

Exploits0References3

WPVulnDB•added 2024/03/19 12:0 a.m.•7 views

create by mediavine < 1.9.5 - Unauthenticated SQLi

Description The plugin is vulnerable to SQL Injection via the 'id' parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already...

9.8CVSS7.6AI score0.01164EPSS

Exploits0References1Affected Software1