PT-2024-16850 · Ibphoenix · Ibphoenix Ibwebadmin
Name of the Vulnerable Software and Affected Versions: IBPhoenix ibWebAdmin versions up to 1.0.2. Description: A vulnerability was found in IBPhoenix ibWebAdmin, affecting some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db log...
Kashipara E-learning Management System security vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...
PT-2024-39759 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.7.1001. Description: The issue is related to Stored Cross-Site Scripting via the plugin's Form Builder widget due to insufficient input sanitization...
CVE-2024-51603 WordPress NMR Strava activities plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mirceatm NMR Strava activities nmr-strava-activities allows DOM-Based XSS. This issue affects NMR Strava activities: from n/a through <= 1.0.7...
CVE-2024-51613 WordPress TradeMe widgets plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bidbud TradeMe widgets trademe-widget allows Stored XSS. This issue affects TradeMe widgets: from n/a through <= 1.2...
CVE-2024-51663
CVE-2024-51663 is an XSS vulnerability in the WordPress plugin Bricksable for Bricks Builder (affected: Bricksable for Bricks Builder,
CVE-2024-7982 Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
PT-2024-16609 · WordPress · The Charitable – Donation Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress versions prior to 1.8.2 The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for...
Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-SVCkMMW)
According to its self-reported version, Cisco Unified Communications Manager running on the report host is affected by a cross-site scripting vulnerability that could allow an unauthenticated, remote attacker to conduct an attack against a user of the interface. This vulnerability exists because...
WordPress Easy Pricing Tables plugin <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Easy Pricing Tables versions <= 3.2.6...
WordPress plugin Seriously Simple Podcasting cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Seriously Simple...
CVE-2024-51682
CVE-2024-51682 is a stored XSS in HasThemes HT Builder – WordPress Theme Builder for Elementor (HT Builder) up to version 1.3.0. The vulnerability arises from improper input neutralization during web page generation, allowing stored XSS. Patchstack indicates fixed in 1.3.1; Red Hat/ENISA referenc...
WordPress WP MMenu Lite plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin WP MMenu Lite versions <= 1.0.0...
CVE-2024-10747
A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unittesting/templates/domdatath.php. The manipulation of the argument scripts leads to cross site scripting. The...
WordPress Element Pack Elementor Addons plugin <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Element Pack Elementor Addons versions <= 5.10.1...
CVE-2024-51492
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2023-52045
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability...
wtcms cross-site scripting vulnerability
wtcms is a ThinkPHP-based content management system (CMS). A cross-site scripting vulnerability exists in version 1.0 of wtcms, which stems from unprocessed application parameters in the plupload method in the file AssetController.class.php, and can be exploited by an attacker to execute arbitrary...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2024-43201)
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, which arises from insufficient validation of user-supplied input in the web management interface, and can ...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2024-43208)
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. Cisco Firepower Management Center suffers from a cross-site scripting vulnerability that originates from the Web management interface not properly validating user-supplied input, which can...