6 matches found
WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) in versions up to and including 2.11.7 due to insufficient input sanitization and output escaping in the 'place' parameter. id: CVE-2024-29137 info: name: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting...
PT-2026-7195
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm Memberships Payment Controller::processing' due to missing validation on a user controlled...
CVE-2020-9322
The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...
CVE-2024-29134
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Stored XSS. This issue affects Tourfic: from n/a through 2.11.8...
PYSEC-2021-103
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block...
EllisLab ExpressionEngine Weak Password Vulnerability
EllisLab ExpressionEngine is a content management system (CMS) from the United States company EllisLab that provides web publishing, a template engine, attachment components and other modules. A security vulnerability exists in EllisLab ExpressionEngine version 2.x prior to 2.11.8 and version 3.x...