CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2024/06/27 12:0 a.m.•3 views

WordPress Plugin Create by Mediavine Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS6AI score0.00324EPSS

Exploits0References5

OSV•added 2024/06/26 6:15 a.m.•4 views

CVE-2024-5199

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00356EPSS

Positive Technologies•added 2024/06/26 12:0 a.m.•5 views

PT-2024-35080 · Spotify · Spotify Play Button Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Spotify Play Button WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...

6.1CVSS6AI score0.00356EPSS

Exploits2References4

CNNVD•added 2024/06/26 12:0 a.m.•2 views

WordPress Plugin Spotify Play Button Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.1AI score0.00356EPSS

Exploits2References2

Patchstack•added 2024/06/25 6:33 a.m.•4 views

WordPress WPCafe plugin <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode vulnerability

Authenticated Contributor+ File inclusion via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions = 2.2.25...

8.8CVSS7AI score0.00593EPSS

Vulnrichment•added 2024/06/25 5:41 a.m.•22 views

CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservationextrafield shortcode parameter. This makes it possible for authenticated...

8.8CVSS7.3AI score0.00593EPSS

Patchstack•added 2024/06/24 9:59 a.m.•4 views

WordPress Mosaic theme <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Mosaic versions = 1.7.1...

6.4CVSS5.8AI score0.00257EPSS

Patchstack•added 2024/06/24 9:54 a.m.•3 views

WordPress Grey Opaque theme <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Download-Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Grey Opaque versions = 2.0.1...

6.4CVSS5.8AI score0.00259EPSS

OSV•added 2024/06/22 4:15 a.m.•3 views

CVE-2024-5965

The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00257EPSS

OSV•added 2024/06/22 4:15 a.m.•3 views

CVE-2024-5966

The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00259EPSS

Cvelist•added 2024/06/22 3:30 a.m.•29 views

CVE-2024-5965 Mosaic <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

6.4CVSS0.00257EPSS

Patchstack•added 2024/06/21 7:13 a.m.•4 views

WordPress DOP Shortcodes plugin <= 1.2 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin DOP Shortcodes versions = 1.2...

6.1CVSS6AI score0.00315EPSS

Exploits2References1Affected Software1

OSV•added 2024/06/21 6:15 a.m.•1 views

CVE-2024-5448

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfo...

5.4CVSS5.8AI score0.00315EPSS

OSV•added 2024/06/21 6:15 a.m.•4 views

CVE-2024-5447

The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowe...

4.8CVSS5.8AI score0.00319EPSS

NVD•added 2024/06/21 6:15 a.m.•18 views

CVE-2024-5448

6.1CVSS0.00315EPSS

Cvelist•added 2024/06/21 6:0 a.m.•19 views

CVE-2024-5448 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

0.00315EPSS

Vulnrichment•added 2024/06/21 6:0 a.m.•13 views

CVE-2024-5448 PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

5.9AI score0.00315EPSS