712 matches found

Patchstack
added 2025/01/30 7:28 a.m., 2 views

WordPress Ninja Forms plugin <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Ninja Forms versions <= 3.8.24...

CVSS 6.4 · AI score 5.8 · EPSS 0.00135
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/01/30 7:19 a.m., 3 views

WordPress Elementor Pro plugin <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability

Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Ankit Patel in WordPress Plugin Elementor Pro versions <= 3.25.10...

CVSS 6.5 · AI score 7 · EPSS 0.00115
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/01/30 7:13 a.m., 2 views

WordPress Alex Reservations: Smart Restaurant Booking plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Alex Reservations versions <= 2.0.5...

CVSS 6.4 · AI score 5.8 · EPSS 0.00132
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/01/30 6:0 a.m., 6 views

CVE-2024-12708 Bulk Me Now <= 2.0 - Stored XSS via Shortcode

The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 6.4 · EPSS 0.00096
Exploits 1 · References 1

Positive Technologies
added 2025/01/30 12:0 a.m., 2 views

PT-2025-1851 · WordPress · Wp Dispensary

Name of the Vulnerable Software and Affected Versions: WP Dispensary plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpd menu' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 7.9 · EPSS 0.00121
Exploits 0 · References 8

Positive Technologies
added 2025/01/30 12:0 a.m., 1 views

PT-2025-1853 · WordPress · Html5 Chat Plugin

Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...

CVSS 6.4 · AI score 8 · EPSS 0.00116
Exploits 0 · References 7

Positive Technologies
added 2025/01/30 12:0 a.m., 2 views

PT-2025-1980 · WordPress · Ethereumico

Name of the Vulnerable Software and Affected Versions: EthereumICO plugin for WordPress versions up to, and including, 2.4.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 8 · EPSS 0.00099
Exploits 0 · References 6

Positive Technologies
added 2025/01/29 12:0 a.m., 2 views

PT-2025-2218 · WordPress · Target Video Easy Publish

Name of the Vulnerable Software and Affected Versions: Target Video Easy Publish plugin for WordPress versions up to, and including, 3.8.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's brid override yt shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 8 · EPSS 0.00205
Exploits 0 · References 9

Patchstack
added 2025/01/28 10:41 a.m., 3 views

WordPress Philantro plugin <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via donate Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Philantro versions <= 5.3...

CVSS 6.4 · AI score 5.8 · EPSS 0.00185
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/01/27 7:46 a.m., 2 views

WordPress ThemeREX Addons plugin <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeREX Addons versions <= 2.33.0...

CVSS 8.8 · AI score 7 · EPSS 0.00309
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/01/24 10:15 a.m., 2 views

CVE-2024-12494

The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmltmeetingmap' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 6 · EPSS 0.00277
Exploits 0 · References 3

OSV
added 2025/01/23 10:15 a.m., 2 views

CVE-2024-13593

The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...

CVSS 8.8 · AI score 7.8 · EPSS 0.00534
Exploits 0 · References 3

Positive Technologies
added 2025/01/16 12:0 a.m., 2 views

PT-2025-4995 · Unknown · Pflonk Sidebar-Content From Shortcode

Name of the Vulnerable Software and Affected Versions: pflonk Sidebar-Content from Shortcode versions prior to 2.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This problem enabl...

CVSS 6.5 · AI score 9.4 · EPSS 0.00076
Exploits 0 · References 3

Positive Technologies
added 2025/01/09 12:0 a.m., 2 views

PT-2025-1958 · WordPress · Searchie

Name of the Vulnerable Software and Affected Versions: Searchie plugin for WordPress versions up to, and including, 1.17.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sio embed media shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.1 · EPSS 0.0036
Exploits 0 · References 7

Patchstack
added 2025/01/08 7:7 a.m., 2 views

WordPress Auto iFrame plugin < 2.0 - Contributor+ XSS via Shortcode vulnerability

Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Auto iFrame versions < 2.0...

CVSS 5.4 · AI score 6.3 · EPSS 0.00338
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2025/01/07 5:23 a.m., 16 views

CVE-2024-9702 Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVSS 6.4 · EPSS 0.0031
Exploits 0 · References 2

Positive Technologies
added 2025/01/07 12:0 a.m., 3 views

PT-2025-1870 · WordPress · Wp Jquery Datatable

Name of the Vulnerable Software and Affected Versions: WP jQuery DataTable plugin for WordPress versions up to, and including, 4.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wp jdt' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.1 · EPSS 0.0031
Exploits 0 · References 6

Positive Technologies
added 2025/01/07 12:0 a.m., 3 views

PT-2025-1885 · WordPress · Wordpress Survey & Poll

Name of the Vulnerable Software and Affected Versions: WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to 1.7.5 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes ...

CVSS 6.4 · AI score 6.2 · EPSS 0.0036
Exploits 0 · References 6

Positive Technologies
added 2025/01/07 12:0 a.m., 3 views

PT-2025-3735 · WordPress · The Social Rocket – Social Sharing Plugin

Name of the Vulnerable Software and Affected Versions: Social Rocket – Social Sharing Plugin versions up to and including 1.3.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the socialrocket-floating shortcode. This allows...

CVSS 6.4 · AI score 7.2 · EPSS 0.0031
Exploits 0 · References 5

Patchstack
added 2025/01/06 7:10 p.m., 2 views

WordPress Marketplace Items plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Marketplace Items versions <= 1.5.5...

CVSS 6.4 · AI score 5.8 · EPSS 0.0036
Exploits 0 · References 1 · Affected Software 1