
5210 matches found

Cvelist
added 2024/10/16 2:5 a.m. | 22 views

CVE-2024-9652 Locatoraid Store Locator <= 3.9.47 - Reflected Cross-Site Scripting

The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | EPSS 0.00355
Exploits: 0 | References: 3

Vulnrichment
added 2024/10/16 2:5 a.m. | 9 views

CVE-2024-9652 Locatoraid Store Locator <= 3.9.47 - Reflected Cross-Site Scripting

The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6.4 | EPSS 0.00355
Exploits: 0 | References: 3

CVE
added 2024/10/16 2:5 a.m. | 58 views

CVE-2024-8787

CVE-2024-8787 (Smart Online Order for Clover, WordPress) is a Reflected Cross-Site Scripting vulnerability caused by improper escaping when using add_query_arg and remove_query_arg. It affects all versions up to and including 1.5.7. Unauthenticated attackers can inject arbitrary scripts into page...

CVSS 6.1 | AI score 6.3 | EPSS 0.00363
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2024/10/16 2:5 a.m. | 8 views

CVE-2024-8787 Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting

The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6.4 | EPSS 0.00363
Exploits: 0 | References: 5

Cvelist
added 2024/10/16 2:5 a.m. | 34 views

CVE-2024-8787 Smart Online Order for Clover <= 1.5.7 - Reflected Cross-Site Scripting

The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.00363
Exploits: 0 | References: 5

Cvelist
added 2024/10/16 12:0 a.m. | 13 views

CVE-2024-46606

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

EPSS 0.0037
Exploits: 1 | References: 4

Vulnrichment
added 2024/10/16 12:0 a.m. | 11 views

CVE-2024-46605

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

AI score 5.9 | EPSS 0.00422
Exploits: 1 | References: 4

Cvelist
added 2024/10/16 12:0 a.m. | 13 views

CVE-2024-46605

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

EPSS 0.00422
Exploits: 1 | References: 4

OSV
added 2024/10/15 12:15 a.m. | 10 views

CVE-2024-9548

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 3

NVD
added 2024/10/15 12:15 a.m. | 11 views

CVE-2024-9548

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated...

CVSS 7.2 | EPSS 0.00496
Exploits: 0 | References: 3

Vulnrichment
added 2024/10/12 8:41 a.m. | 12 views

CVE-2024-9595 TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 2

NVD
added 2024/10/11 1:15 p.m. | 8 views

CVE-2024-9611

The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers t...

CVSS 6.1 | EPSS 0.0041
Exploits: 0 | References: 3

NVD
added 2024/10/11 1:15 p.m. | 10 views

CVE-2024-9543

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | EPSS 0.00333
Exploits: 0 | References: 5

NVD
added 2024/10/11 1:15 p.m. | 13 views

CVE-2024-9221

The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 | EPSS 0.00399
Exploits: 0 | References: 4

NVD
added 2024/10/11 1:15 p.m. | 8 views

CVE-2024-9346

The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | EPSS 0.00344
Exploits: 0 | References: 3

NVD
added 2024/10/11 1:15 p.m. | 12 views

CVE-2024-9051

The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 | EPSS 0.00325
Exploits: 0 | References: 5

Cvelist
added 2024/10/11 7:37 a.m. | 17 views

CVE-2024-9051 WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode

The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 | EPSS 0.00325
Exploits: 0 | References: 5

Vulnrichment
added 2024/10/11 7:37 a.m. | 9 views

CVE-2024-9051 WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode

The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 | AI score 5.8 | EPSS 0.00325
Exploits: 0 | References: 5

CVE
added 2024/10/11 6:50 a.m. | 40 views

CVE-2024-9211

CVE-2024-9211 affects the WordPress plugin FULL – Cliente (≤ 3.1.22). It is a Reflected Cross-Site Scripting vulnerability caused by using add_query_arg and remove_query_arg without proper escaping, enabling unauthenticated attackers to inject scripts when a user is tricked into clicking ...

CVSS 6.1 | AI score 6.3 | EPSS 0.00362
Exploits: 0 | References: 7

Cvelist
added 2024/10/11 6:50 a.m. | 12 views

CVE-2024-9211 FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting

The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | EPSS 0.00362
Exploits: 0 | References: 7