CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8994 matches found

Patchstack•added 2024/07/10 6:22 a.m.•3 views

WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sonaaraudioplayer Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.5...

6.4CVSS5.8AI score0.00329EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/09 12:36 p.m.•5 views

WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via tab Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.8...

6.4CVSS5.8AI score0.00337EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/09 10:56 a.m.•5 views

WordPress oik plugin <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bwbutton Shortcode vulnerability discovered by Rafshanzani Suhada in WordPress Plugin oik versions = 4.10.3...

6.4CVSS5.8AI score0.00342EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/09 10:47 a.m.•3 views

WordPress Simple Alert Boxes plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Alert Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Alert Boxes versions = 1.4.0...

6.4CVSS5.8AI score0.00325EPSS

Exploits0References1Affected Software1

OSV•added 2024/07/09 9:15 a.m.•4 views

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

8.8CVSS5.9AI score0.00528EPSS

Exploits0References2

NVD•added 2024/07/09 9:15 a.m.•27 views

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

9.9CVSS0.00528EPSS

Exploits0References3

OSV•added 2024/07/09 9:15 a.m.•6 views

CVE-2024-3603

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...

5.4CVSS6AI score0.00344EPSS

Exploits0References2

Vulnrichment•added 2024/07/09 8:33 a.m.•16 views

CVE-2024-3603 OSM – OpenStreetMap <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS5.8AI score0.00344EPSS

Exploits0References2

CVE•added 2024/07/09 8:33 a.m.•49 views

CVE-2024-3603

CVE-2024-3603 affects the OSM – OpenStreetMap WordPress plugin. All versions up to 6.0.2 are vulnerable to a Stored XSS via the plugin’s osm_map shortcode due to insufficient input sanitization and output escaping for attributes (e.g., theme). Exploitation requires contributor-level access or hig...

6.4CVSS6.1AI score0.00344EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/07/09 8:29 a.m.•3 views

WordPress Webico Slider Flatsome Addons plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wbcimage Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Webico Slider Flatsome Addons versions = 2.0.1...

6.4CVSS5.8AI score0.00292EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/09 6:35 a.m.•3 views

WordPress Advanced File Manager Shortcode plugin <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin File Manager Advanced Shortcode versions = 2.5.3...

8.8CVSS7AI score0.00831EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/09 12:0 a.m.•11 views

WordPress File Manager Advanced Shortcode Plugin <= 2.4 is vulnerable to Directory Traversal

Software File Manager Advanced Shortcode Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2023-7062 Patch priority Low CVSS severity Low 7.7 Developer Claim ownership PSID a83d051bcbb6 Credits Colin Xu Required privilege...

8.8CVSS6.9AI score0.00722EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2024/07/09 12:0 a.m.•4 views

PT-2024-37252 · WordPress · Simple Alert Boxes

Name of the Vulnerable Software and Affected Versions: The Simple Alert Boxes plugin for WordPress versions up to, and including, 1.4.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Alert shortcode, allowing...

6.4CVSS6.9AI score0.00325EPSS

Exploits0References6

Positive Technologies•added 2024/07/09 12:0 a.m.•3 views

PT-2024-26854 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'osm map' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS5.9AI score0.00344EPSS

Exploits0References6

Positive Technologies•added 2024/07/09 12:0 a.m.•5 views

PT-2024-37218 · WordPress · Webico Slider Flatsome Addons

Name of the Vulnerable Software and Affected Versions: Webico Slider Flatsome Addons plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wbc image shortcode due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00292EPSS

Exploits0References6

OSV•added 2024/07/06 5:15 p.m.•4 views

CVE-2024-37554

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodeAstrology Team UltraAddons Elementor Lite Header & Footer Builder, Menu Builder, Cart Icon, Shortcode.This issue affects UltraAddons Elementor Lite Header & Footer Builder, Menu Builder,...

5.4CVSS5.8AI score0.00242EPSS

Exploits0References1

Patchstack•added 2024/07/04 12:12 p.m.•5 views

WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability

Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ninja Forms versions = 3.8.4...

9.8CVSS7.1AI score0.00467EPSS

Exploits0Affected Software1

Patchstack•added 2024/07/03 6:23 a.m.•4 views

WordPress Amelia Shortcode Extended plugin <= 1.6 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Amelia Shortcode Extended versions = 1.6...

7AI score

Exploits0References1Affected Software1

Patchstack•added 2024/07/03 12:0 a.m.•4 views

WordPress Amelia Shortcode Extended Plugin <= 1.6 is vulnerable to Backdoor

Software Amelia Shortcode Extended Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6bcf0ef7322f Credits Sansec.io Required privilege Unauthenticated Published 3...

7.2AI score

Exploits0References2Affected Software1

OSV•added 2024/07/02 2:15 a.m.•4 views

CVE-2024-5938

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.4CVSS5.9AI score0.00308EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by