CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3452 matches found

OSV•added 2024/05/30 5:15 a.m.•1 views

CVE-2024-3946

The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS5.9AI score0.0032EPSS

Exploits0References2

Positive Technologies•added 2024/05/30 12:0 a.m.•2 views

PT-2024-21425 · WordPress · Font Farsi

Name of the Vulnerable Software and Affected Versions: Font Farsi plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...

4.4CVSS5.9AI score0.00288EPSS

Exploits0References4

OSV•added 2024/05/29 6:18 a.m.•1 views

CVE-2024-3921

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0017EPSS

Exploits2References1

NVD•added 2024/05/29 6:18 a.m.•9 views

CVE-2024-3937

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.8AI score0.0017EPSS

Exploits2References1

OSV•added 2024/05/29 6:18 a.m.•2 views

CVE-2024-4419

The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4CVSS5.9AI score

Exploits0References2

OSV•added 2024/05/29 6:18 a.m.•1 views

CVE-2024-3937

4.8CVSS5.8AI score0.0017EPSS

Exploits2References1

Cvelist•added 2024/05/29 6:0 a.m.•20 views

CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS

7.8AI score0.0017EPSS

Exploits2References1

Vulnrichment•added 2024/05/29 6:0 a.m.•17 views

CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS

5.7AI score0.0017EPSS

Exploits2References1

Positive Technologies•added 2024/05/29 12:0 a.m.•3 views

PT-2024-28472 · WordPress · Playlist For Youtube Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Playlist for Youtube WordPress plugin versions 1.32 and earlier Description: The issue concerns a Stored Cross-Site Scripting attack. High privilege users, such as admins, can exploit this even when the unfiltered html capability is disallowe...

4.8CVSS5.9AI score0.0017EPSS

Exploits2References7

WPVulnDB•added 2024/05/28 12:0 a.m.•19 views

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Go to settings and change the...

7.7AI score0.00223EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2024/05/28 12:0 a.m.•16 views

Expert Invoice <= 1.0.2 -Admin+ Stored XSS

5.2AI score0.00284EPSS

Exploits2

Vulnrichment•added 2024/05/27 6:0 a.m.•11 views

CVE-2024-3939 Ditty < 3.1.36 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.0049EPSS

Exploits2References1

WPVulnDB•added 2024/05/24 12:0 a.m.•14 views

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

5.4AI score0.00284EPSS

Exploits2

WPVulnDB•added 2024/05/24 12:0 a.m.•16 views

Social Pixel <= 2.1 - Admin+ Stored XSS

5.3AI score0.00208EPSS

Exploits2

OSV•added 2024/05/23 6:15 a.m.•1 views

CVE-2024-3920

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score

Exploits0References1

NVD•added 2024/05/23 6:15 a.m.•11 views

CVE-2024-3594

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

8.7CVSS7.8AI score0.00995EPSS

Exploits2References1

OSV•added 2024/05/23 6:15 a.m.•3 views

CVE-2024-3594

8.7CVSS5.8AI score0.00995EPSS

Exploits2References1

OSV•added 2024/05/23 6:15 a.m.•3 views

CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00276EPSS

Exploits2References1

Cvelist•added 2024/05/23 6:0 a.m.•17 views

CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS

7.8AI score0.00186EPSS

Exploits2References1

Vulnrichment•added 2024/05/23 6:0 a.m.•12 views

CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS

5.6AI score0.00186EPSS

Exploits2References1

Rows per page