8978 matches found
CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-10689
CVE-2024-10689 pertains to XLTab – Accordions and Tabs for Elementor Page Builder (WordPress) versions up to 1.4, where an Information Exposure vulnerability allows authenticated attackers with Contributor-level access or higher to extract data from private or draft posts via the XLTAB_INSERT_TPL...
PT-2024-17276 · WordPress · Folder Gallery
Name of the Vulnerable Software and Affected Versions: Folder Gallery plugin for WordPress versions up to, and including, 1.7.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17002 · WordPress · Onlyoffice Docs
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs plugin for WordPress versions up to, and including, 2.0.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16921 · WordPress · Smart Popup Blaster
Name of the Vulnerable Software and Affected Versions: Smart PopUp Blaster plugin for WordPress versions up to, and including, 1.4.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode due to insufficient input sanitization and output escaping ...
PT-2024-16819 · WordPress · Mycred
Name of the Vulnerable Software and Affected Versions: myCred – Loyalty Points and Rewards plugin versions up to, and including, 2.7.5.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress plugin The Pojo Forms code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code injection vulnerability exists ...
WordPress Pojo Forms plugin <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution via form_preview_shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Pojo Forms versions <= 1.4.7...
WordPress Cookielay plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via cookielay Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Cookielay versions <= 1.2.0...
WordPress myCred plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mycred_send Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin myCred versions <= 2.7.5.2...
CVE-2024-11779
The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wipwoocarouselproductscarousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-10056 Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
WordPress Luna Web Radio Player plugin <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin Luna Web Radio Player versions <= 6.24.11.07...
CVE-2024-10881 LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-10881
CVE-2024-10881 affects the LUNA RADIO PLAYER WordPress plugin. The vulnerability is a Stored Cross-Site Scripting via the lunaradio shortcode in versions up to and including 6.24.11.07, caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: aut...
PT-2024-16615 · WordPress · Luna Radio Player
Name of the Vulnerable Software and Affected Versions: LUNA RADIO PLAYER plugin for WordPress versions up to, and including, 6.24.11.07 Description: The issue is related to Stored Cross-Site Scripting via the 'lunaradio' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16984 · WordPress · Stars Testimonials
Name of the Vulnerable Software and Affected Versions: Stars Testimonials plugin for WordPress versions up to, and including, 3.3.3 Description: The Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion via the stars-testimonials-with-slider-and-masonry-grid shortcode. Thi...
PT-2024-16536 · WordPress · Anywhere Elementor
Name of the Vulnerable Software and Affected Versions: AnyWhere Elementor plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that...
WordPress Contact Form Builder plugin <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via livesite-pay Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Contact Form Builder by vcita versions <= 4.10.4...
CVE-2024-11897
The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...