CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Patchstack•added 2025/01/30 11:31 p.m.•4 views

WordPress WooCommerce Product Table Lite plugin <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin WooCommerce Product Table Lite versions = 3.9.4...

7.3CVSS6.4AI score0.00513EPSS

OSV•added 2025/01/30 2:15 p.m.•4 views

CVE-2024-8494

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

6.5CVSS7.3AI score0.00284EPSS

OSV•added 2025/01/30 2:15 p.m.•1 views

CVE-2024-13670

The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pnmsv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00203EPSS

OSV•added 2025/01/30 2:15 p.m.•2 views

CVE-2024-13700

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00203EPSS

OSV•added 2025/01/30 2:15 p.m.•1 views

CVE-2024-13349

The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.9AI score0.00284EPSS

OSV•added 2025/01/30 2:15 p.m.•4 views

CVE-2024-12451

The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00254EPSS

Cvelist•added 2025/01/30 1:42 p.m.•37 views

CVE-2024-8494 Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

4.3CVSS0.00284EPSS

CVE•added 2025/01/30 1:42 p.m.•144 views

CVE-2024-8494

The CVE concerns Elementor Website Builder Pro for WordPress. Affected: all versions up to and including 3.25.10. Issue: authenticated attackers with Contributor+ access can exploit the elementor-template shortcode to exfiltrate sensitive information from Private, Pending, and Draft Templates (Se...

6.5CVSS4.6AI score0.00284EPSS

Exploits0References2Affected Software1

NVD•added 2025/01/30 11:15 a.m.•6 views

CVE-2024-13453

The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS0.00503EPSS

CVE•added 2025/01/30 11:10 a.m.•46 views

CVE-2024-13453

CVE-2024-13453 – WordPress PirateForms plugin vulnerability (CVE summary) The WordPress plugin “Contact Form & SMTP Plugin for WordPress by PirateForms” (up to version 2.6.0) allows unauthenticated attackers to trigger arbitrary shortcodes through an action that calls do_shortcode without proper ...

7.3CVSS7.3AI score0.00503EPSS

Vulnrichment•added 2025/01/30 11:10 a.m.•6 views

CVE-2024-13453 Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS7.4AI score0.00503EPSS

Cvelist•added 2025/01/30 11:10 a.m.•13 views

CVE-2024-13453 Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS0.00503EPSS

OSV•added 2025/01/30 8:15 a.m.•2 views

CVE-2024-13470

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

5.4CVSS6AI score0.00284EPSS

Exploits0References5

Patchstack•added 2025/01/30 8:10 a.m.•3 views

WordPress Bulk Me Now plugin <= 2.0 - Stored XSS via Shortcode vulnerability

Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Bulk Me Now! versions = 2.0...

7.1CVSS6AI score0.00245EPSS

Exploits1References1Affected Software1

Patchstack•added 2025/01/30 7:36 a.m.•3 views

WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Contact Form & SMTP Plugin versions = 2.6.0...

7.3CVSS7.1AI score0.00503EPSS

Patchstack•added 2025/01/30 7:28 a.m.•4 views

WordPress Ninja Forms plugin <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Ninja Forms versions = 3.8.24...

6.4CVSS5.8AI score0.00284EPSS