CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8984 matches found

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13595

The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

6.5CVSS7.3AI score0.00359EPSS

Exploits0References2

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13582

The Simple Pricing Tables For WPBakery Page BuilderFormerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdosimplepricingtablefree' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping...

5.4CVSS5.9AI score0.00227EPSS

Exploits0References2

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13581

The Simple Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplechart' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00227EPSS

Exploits0References2

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13573

The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfmrfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7.4AI score

Exploits0References2

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13577

The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00227EPSS

Exploits0References2

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13576

The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00272EPSS

Exploits0References2

OSV•added 2025/02/18 5:15 a.m.•3 views

CVE-2024-13578

The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00227EPSS

Exploits0References2

NVD•added 2025/02/18 5:15 a.m.•30 views

CVE-2024-13573

6.4CVSS0.00227EPSS

Exploits0References2

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13501

The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7.4AI score0.00357EPSS

Exploits0References3

OSV•added 2025/02/18 5:15 a.m.•2 views

CVE-2024-13464

The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

5.4CVSS5.9AI score

Exploits0References2

CVE•added 2025/02/18 4:21 a.m.•52 views

CVE-2024-13573

CVE-2024-13573 relates to the WordPress plugin Zigaform – Form Builder Lite . Connected docs confirm a Stored Cross-Site Scripting (XSS) in this plugin, affecting versions up to at least 7.4.7 (according to PatchStack) and tied to the plugin's vulnerable shortcode handling. The issue stems from i...

6.4CVSS5.8AI score0.00227EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/02/18 12:0 a.m.•5 views

PT-2025-6555 · WordPress · Wp-Formassembly

Name of the Vulnerable Software and Affected Versions: WP-FormAssembly plugin for WordPress versions up to, and including, 2.0.11 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode due to insufficient input sanitization and output escaping o...

6.4CVSS7.9AI score0.00357EPSS

Exploits0References9

Positive Technologies•added 2025/02/18 12:0 a.m.•3 views

PT-2025-6578 · WordPress · Simplebooklet Pdf Viewer/Embedder

Name of the Vulnerable Software and Affected Versions: Simplebooklet PDF Viewer and Embedder plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode due to insufficient input sanitization...

6.4CVSS7.9AI score0.00227EPSS

Exploits0References7

Positive Technologies•added 2025/02/18 12:0 a.m.•3 views

PT-2025-6572 · WordPress · Cats Job Listings

Name of the Vulnerable Software and Affected Versions: CATS Job Listings plugin for WordPress versions up to and including 2.0.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.00227EPSS

Exploits0References7

Positive Technologies•added 2025/02/18 12:0 a.m.•5 views

PT-2025-6577 · WordPress · Zigaform – Price Calculator & Cost Estimation Form Builder

Name of the Vulnerable Software and Affected Versions: Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress versions up to, and including, 7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'zgfm fvar' shortcode due to...

6.4CVSS8.1AI score0.00227EPSS

Exploits0References6

Positive Technologies•added 2025/02/18 12:0 a.m.•2 views

PT-2025-6575 · WordPress · Simple Charts

Name of the Vulnerable Software and Affected Versions: Simple Charts plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the simple chart shortcode. This allows authenticated...

6.4CVSS9.3AI score0.00227EPSS

Exploits0References6

Patchstack•added 2025/02/17 10:27 p.m.•4 views

WordPress Uncode Core plugin <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution in uncodegetmedias vulnerability discovered by mikemyers in WordPress Plugin Uncode Core versions = 2.9.1.6...

6.3CVSS7.1AI score0.00422EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/02/17 10:24 p.m.•4 views

WordPress PressMart theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme PressMart versions = 1.2.16...

9.8CVSS7.1AI score0.00502EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/02/17 9:45 p.m.•3 views

WordPress WP-FormAssembly plugin <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by yudha in WordPress Plugin WP-FormAssembly versions = 2.0.11...

6.4CVSS5.8AI score0.00357EPSS

Exploits0References1Affected Software1

OSV•added 2025/02/15 9:15 a.m.•3 views

CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

6.5CVSS7.3AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by