CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/07/22 9:35 a.m.•52 views

CVE-2024-37121

CVE-2024-37121 is a Stored XSS vulnerability in WordPress plugin Shortcode Addons (biplob018 Shortcode Addons) affecting versions up to 3.2.5. The issue is described as Improper Neutralization of Input During Web Page Generation. Public details in connected sources confirm the vulnerability vecto...

5.9CVSS5.8AI score0.0026EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/07/22 12:0 a.m.•5 views

PT-2024-27317 · Unknown · Biplob018 Shortcode Addons

Name of the Vulnerable Software and Affected Versions: biplob018 Shortcode Addons versions 3.2.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendation...

5.9CVSS5.8AI score0.0026EPSS

Exploits0References6

NVD•added 2024/07/20 8:15 a.m.•9 views

CVE-2024-38679

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0...

6.5CVSS0.0032EPSS

NVD•added 2024/07/20 8:15 a.m.•8 views

CVE-2024-37960

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0...

6.5CVSS0.0032EPSS

CVE•added 2024/07/20 8:7 a.m.•45 views

CVE-2024-37960

CVE-2024-37960 is a stored XSS in the WordPress plugin CodePen Embedded Pens Shortcode (versions <= 1.0.0). The vulnerability stems from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected: CodePen Embedded Pens Shortcode,

6.5CVSS6.4AI score0.0032EPSS

OSV•added 2024/07/20 3:15 a.m.•5 views

CVE-2024-2337

The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonialsgrid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.9AI score0.00355EPSS

Positive Technologies•added 2024/07/20 12:0 a.m.•5 views

PT-2024-28122 · Unknown · Yongki Agustinus Animated Typed Js Shortcode

Name of the Vulnerable Software and Affected Versions: Yongki Agustinus Animated Typed JS Shortcode versions n/a through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.4AI score0.0032EPSS

Positive Technologies•added 2024/07/20 12:0 a.m.•3 views

PT-2024-27866 · Codepen · Codepen Embedded Pens Shortcode

Name of the Vulnerable Software and Affected Versions: CodePen Embedded Pens Shortcode versions 1.0.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

6.5CVSS5.3AI score0.0032EPSS

Patchstack•added 2024/07/18 1:3 a.m.•2 views

WordPress Zenon Lite theme <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Zenon Lite versions = 1.9...

6.4CVSS5.8AI score0.00302EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/07/18 12:0 a.m.•4 views

PT-2024-37275 · WordPress · Zenon Lite

Name of the Vulnerable Software and Affected Versions: Zenon Lite theme for WordPress versions up to, and including, 1.9 Description: The issue arises from insufficient input sanitization and output escaping in the url parameter within the theme's Button shortcode, allowing authenticated attacker...

6.4CVSS7.2AI score0.00302EPSS

Exploits0References5

OSV•added 2024/07/17 7:15 a.m.•3 views

CVE-2024-5255

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS5.9AI score0.00297EPSS

ATTACKERKB•added 2024/07/17 7:15 a.m.•1 views

CVE-2024-5255

6.4CVSS6.1AI score0.00297EPSS

ATTACKERKB•added 2024/07/17 7:15 a.m.•1 views

CVE-2024-5253

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultteam shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00297EPSS

OSV•added 2024/07/17 7:15 a.m.•3 views

CVE-2024-5252

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6AI score0.00297EPSS

OSV•added 2024/07/17 7:15 a.m.•2 views

CVE-2024-5251

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

5.4CVSS5.9AI score0.00295EPSS

ATTACKERKB•added 2024/07/17 7:15 a.m.•3 views

CVE-2024-5251

6.4CVSS6.1AI score0.00295EPSS

ATTACKERKB•added 2024/07/17 7:15 a.m.•1 views

CVE-2024-5254

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.1AI score0.00297EPSS