CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/09/17 6:15 a.m.•1 views

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Vulnrichment•added 2024/09/17 6:0 a.m.•15 views

CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget

5.2AI score0.00106EPSS

Cvelist•added 2024/09/17 6:0 a.m.•15 views

CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget

0.00106EPSS

NVD•added 2024/09/13 6:15 a.m.•14 views

CVE-2024-6617

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS0.00186EPSS

OSV•added 2024/09/13 6:15 a.m.•2 views

CVE-2024-6617

Vulnrichment•added 2024/09/13 6:0 a.m.•12 views

CVE-2024-6493 NinjaTeam Header Footer Custom Code < 1.2 - Admin+ Stored XSS

6AI score0.00244EPSS

Cvelist•added 2024/09/13 6:0 a.m.•14 views

CVE-2024-6493 NinjaTeam Header Footer Custom Code < 1.2 - Admin+ Stored XSS

0.00244EPSS

Vulnrichment•added 2024/09/13 6:0 a.m.•12 views

CVE-2024-6617 NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles

6AI score0.00186EPSS

CVE•added 2024/09/12 6:0 a.m.•53 views

CVE-2024-6887

The CVE-2024-6887 entry concerns the WordPress plugin Giveaways and Contests by RafflePress (versions prior to 1.12.16). The root cause is inadequate sanitisation/escaping of certain Giveaways settings, which could allow stored XSS when performed by high-privilege users (e.g., editors and above) ...

4.8CVSS4.7AI score0.00219EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/09/12 6:0 a.m.•14 views

CVE-2024-6887 Giveaways and Contests by RafflePress < 1.12.16 - Editor+ Stored XSS

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallow...

0.00219EPSS

NVD•added 2024/09/11 6:15 a.m.•11 views

CVE-2024-7716

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00453EPSS

OSV•added 2024/09/11 6:15 a.m.•1 views

CVE-2024-7716

Cvelist•added 2024/09/11 6:0 a.m.•16 views

CVE-2024-7716 GS Logo Slider Lite < 3.6.9 - Admin+ Stored XSS

0.00453EPSS

OSV•added 2024/09/10 8:15 a.m.•2 views

CVE-2024-7655

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS5.9AI score0.00323EPSS

Exploits0References6

OSV•added 2024/09/10 8:15 a.m.•1 views

CVE-2024-7618

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it...

4.8CVSS5.9AI score0.00323EPSS

Exploits0References6

OSV•added 2024/09/10 6:15 a.m.•2 views

CVE-2024-7955

The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...