Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

25 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2006-6468

Malware in sbrugna...

6.8CVSS6.4AI score0.04506EPSS
Exploits1References10
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-51641

Malicious code in bioql PyPI...

6.1CVSS9.2AI score0.00151EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/05/23 9:35 a.m.6 views

CVE-2024-22550

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

6.1CVSS6.7AI score0.00143EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/02/07 5:51 p.m.6 views

CVE-2024-13510

The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS6.4AI score0.00151EPSS
Exploits0References1
NVD
NVDadded 2025/02/04 10:15 a.m.9 views

CVE-2024-13510

The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS0.00151EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/02/04 9:21 a.m.10 views

CVE-2024-13510 ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS6AI score0.00151EPSS
Exploits0References2
CVE
CVEadded 2025/02/04 9:21 a.m.41 views

CVE-2024-13510

The CVE-2024-13510 entry covers the WordPress ShopSite plugin (versions up to 1.5.10) vulnerable to Cross-Site Request Forgery, enabling unauthenticated attackers to update settings and inject malicious scripts via forged requests that trick an admin into performing an action. Technical details a...

6.1CVSS6.5AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/02/04 9:21 a.m.9 views

CVE-2024-13510 ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS0.00151EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/02/04 12:0 a.m.1 views

WordPress plugin ShopSite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

6.1CVSS8.8AI score0.00151EPSS
Exploits0References2
Patchstack
Patchstackadded 2025/02/03 10:47 p.m.2 views

WordPress ShopSite plugin <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin ShopSite versions = 1.5.10...

6.1CVSS5.9AI score0.00151EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2024/01/26 3:15 p.m.8 views

CVE-2024-22550

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

6.1CVSS6.7AI score0.00143EPSS
Exploits1References1
OSV
OSVadded 2024/01/26 3:15 p.m.1 views

CVE-2024-22550

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

6.1CVSS6AI score
Exploits0References1
Prion
Prionadded 2024/01/26 3:15 p.m.15 views

Privilege escalation

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

5.8CVSS8.1AI score0.00143EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2024/01/26 12:0 a.m.8 views

CVE-2024-22550

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

7.8AI score0.00143EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2024/01/26 12:0 a.m.5 views

PT-2024-19483 · Shopsite · Shopsite

Name of the Vulnerable Software and Affected Versions: ShopSite version 14.0 Description: An arbitrary file upload issue in the /alsdemo/ss/mediam.cgi component allows attackers to execute arbitrary code by uploading a crafted SVG file. Recommendations: For ShopSite version 14.0, consider disabli...

6.1CVSS7.8AI score0.00143EPSS
Exploits1References4
CNNVD
CNNVDadded 2024/01/26 12:0 a.m.1 views

ShopSite Security Breach

ShopSite is an online store from ShopSite Inc. A security vulnerability exists in ShopSite v14.0, which stems from an arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi that allows an attacker to execute arbitrary code by uploading a specially crafted SVG file...

6.1CVSS7.8AI score0.00143EPSS
Exploits1References2
Cvelist
Cvelistadded 2024/01/26 12:0 a.m.11 views

CVE-2024-22550

An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

6.9AI score0.00143EPSS
Exploits1References1
CVE
CVEadded 2024/01/26 12:0 a.m.38 views

CVE-2024-22550

CVE-2024-22550 concerns ShopSite v14.0, where the vulnerable component is the /alsdemo/ss/mediam.cgi module. The issue is an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a crafted SVG file. According to the sources, the vulnerability affects S...

6.1CVSS6.7AI score0.00143EPSS
Exploits1References1Affected Software1
0day.today
0day.todayadded 2023/12/29 12:0 a.m.280 views

ShopSite 14.0 Cross Site Scripting Vulnerability

Exploit Title: ShopSite Version: 14.0 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://www.shopsite.com/ Version: 14.0 Tested on: https://www.shopsite.com/demo.html 1 Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi...

7.4AI score
Exploits0
Packet Storm
Packet Stormadded 2023/12/26 12:0 a.m.274 views

ShopSite 14.0 Cross Site Scripting

Exploit Title: ShopSite Version: 14.0 - Stored XSS Date: 2023-12-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://www.shopsite.com/ Version: 14.0 Tested on: https://www.shopsite.com/demo.html 1 Upload poc.svg file here :...

7.4AI score
Exploits0
Rows per page
Query Builder