CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1409 matches found

OSV•added 2024/12/27 6:15 a.m.•2 views

CVE-2024-11644

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9CVSS7.3AI score

Exploits0References1

NVD•added 2024/12/27 6:15 a.m.•11 views

CVE-2024-11644

5.9CVSS0.00327EPSS

Exploits1References1

Vulnrichment•added 2024/12/27 6:0 a.m.•12 views

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

5.5AI score0.00327EPSS

Exploits1References1

Cvelist•added 2024/12/27 6:0 a.m.•18 views

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

0.00327EPSS

Exploits1References1

CVE•added 2024/12/27 6:0 a.m.•56 views

CVE-2024-11644

The CVE-2024-11644 entry concerns the WP-SVG WordPress plugin (versions

5.9CVSS5.6AI score0.00327EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2024/12/27 12:0 a.m.•3 views

PT-2024-17152 · WordPress · Wp-Svg

Name of the Vulnerable Software and Affected Versions: WP-SVG WordPress plugin versions 0.9 and prior Description: The issue concerns the WP-SVG WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is...

5.9CVSS8.3AI score0.00327EPSS

Exploits1References10

OSV•added 2024/12/20 6:15 a.m.•2 views

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00315EPSS

Exploits1References1

NVD•added 2024/12/20 6:15 a.m.•14 views

CVE-2024-11108

5.4CVSS0.00315EPSS

Exploits1References1

Vulnrichment•added 2024/12/20 6:0 a.m.•11 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

5.9AI score0.00315EPSS

Exploits1References1

Cvelist•added 2024/12/20 6:0 a.m.•20 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

0.00315EPSS

Exploits1References1

Positive Technologies•added 2024/12/20 12:0 a.m.•2 views

PT-2024-17249 · WordPress · Particle Background

Name of the Vulnerable Software and Affected Versions: Particle Background plugin for WordPress versions up to, and including, 1.0.2 Description: The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode due to insufficie...

6.4CVSS7.8AI score0.00331EPSS

Exploits0References8

NVD•added 2024/12/16 6:15 a.m.•15 views

CVE-2024-11841

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00291EPSS

Exploits1References1

OSV•added 2024/12/16 6:15 a.m.•2 views

CVE-2024-11841

5.4CVSS7.3AI score0.00291EPSS

Exploits1References1

Cvelist•added 2024/12/16 6:0 a.m.•19 views

CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode

0.00291EPSS

Exploits1References1

CVE•added 2024/12/16 6:0 a.m.•47 views

CVE-2024-11841

The CVE CVE-2024-11841 concerns the Tithe.ly Giving Button WordPress plugin (version up to 1.1) where shortcode attributes are not properly escaped/validated before output. This can enable Stored Cross-Site Scripting (XSS) attacks when a page or post embeds the shortcode and an attacker with Cont...

5.4CVSS5.6AI score0.00291EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/12/16 6:0 a.m.•8 views

CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode

5.9AI score0.00291EPSS

Exploits1References1

CNNVD•added 2024/12/16 12:0 a.m.•2 views

WordPress plugin Tithe.ly Giving Button 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS8AI score0.00291EPSS

Exploits1References1

Positive Technologies•added 2024/12/12 12:0 a.m.•4 views

PT-2024-17238 · WordPress · Currency Converter Widget ⚡ Pro

Name of the Vulnerable Software and Affected Versions: Currency Converter Widget ⚡ PRO plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS6.8AI score0.0027EPSS

Exploits0References6

OSV•added 2024/11/25 6:15 a.m.•1 views

CVE-2024-10709

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.8CVSS5.8AI score0.00678EPSS

Exploits1References1

Positive Technologies•added 2024/11/25 12:0 a.m.•4 views

PT-2024-16482

Name of the Vulnerable Software and Affected Versions YaDisk Files WordPress plugin versions 1.2.5 and earlier Description The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

6.8CVSS6.4AI score0.00678EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by