Lucene search
K

2076 matches found

OSV
OSV
added 2024/10/18 5:15 a.m.3 views

CVE-2024-9373

The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

5.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2024/10/18 5:15 a.m.1 views

CVE-2024-9366

The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

5.4CVSS5.9AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2024/10/18 5:15 a.m.1 views

CVE-2024-8916

The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.9AI score
Exploits0References2
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.3 views

WordPress plugin Product Customizer Light 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.4CVSS5.9AI score0.00272EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.4 views

WordPress plugin Debrandify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

6.4CVSS6AI score0.00288EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.4 views

WordPress plugin WPZest 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

6.4CVSS5.9AI score0.00256EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.3 views

WordPress plugin Branding 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS5.8AI score0.0028EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/17 5:53 p.m.5 views

WordPress Suki Sites Import plugin <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Suki Sites Import versions = 1.2.1...

6.4CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/17 5:46 p.m.4 views

WordPress Product Customizer Light plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Product Customizer Light versions = 1.0.0...

6.4CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.6 views

PT-2024-39321 · WordPress · Fonto

Name of the Vulnerable Software and Affected Versions: Fonto – Custom Web Fonts Manager plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This...

6.4CVSS6.3AI score0.00353EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/10/16 9:10 p.m.7 views

WordPress Fonto – Custom Web Fonts Manager plugin <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Fonto versions = 1.2.1...

6.4CVSS5.8AI score0.00353EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/16 3:57 a.m.3 views

WordPress Zita Elementor Site Library plugin <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Zita Elementor Site Library versions = 1.6.3...

6.4CVSS5.7AI score0.00367EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.3 views

WordPress plugin ElementsReady Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS6AI score0.00302EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/14 12:38 a.m.3 views

WordPress Category Icon plugin <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Category Icon versions = 1.0.0...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/10 3:15 a.m.4 views

CVE-2024-9074

The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

5.4CVSS5.9AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2024/10/10 2:15 a.m.3 views

CVE-2024-9072

The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00295EPSS
Exploits0References2
OSV
OSV
added 2024/10/10 2:15 a.m.4 views

CVE-2024-9066

The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

5.4CVSS5.9AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2024/10/09 6:15 a.m.2 views

UBUNTU-CVE-2023-45872

An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is an assumption that it is an SVG document, leading to a denial of service application crash if it is not actually an SVG document...

6.5CVSS5.8AI score0.0035EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.3 views

PT-2024-39399 · WordPress · Elementor Inline Svg

Name of the Vulnerable Software and Affected Versions: Elementor Inline SVG plugin for WordPress version 1.2.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS5.8AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/09 12:0 a.m.6 views

PT-2024-39646 · WordPress · Wp Builder

Name of the Vulnerable Software and Affected Versions: WP Builder plugin for WordPress versions up to, and including, 3.0.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...

6.4CVSS6AI score0.00286EPSS
Exploits0References6
Rows per page
Query Builder