
5210 matches found

NVD
added 2024/04/23 10:15 p.m. | 9 views

CVE-2024-30886

A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter...

CVSS 5.4 | AI score 5.4 | EPSS 0.00325
Exploits 1 | References 1
CVE
added 2024/04/23 1:50 p.m. | 83 views

CVE-2024-2477

CVE-2024-2477 affecting wpDiscuz for WordPress: Stored XSS via the image Alt text in image uploads exists in all versions up to 7.6.15 due to insufficient input sanitization/output escaping. The Red Hat advisory and Wordfence note describe the vulnerability as present in wpDiscuz and detail that ...

CVSS 6.4 | AI score 5.7 | EPSS 0.0034
Exploits 0 | References 2 | Affected Software 1
NVD
added 2024/04/23 10:15 a.m. | 17 views

CVE-2024-3732

The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...

CVSS 6.4 | AI score 5.7 | EPSS 0.0032
Exploits 0 | References 2
Cvelist
added 2024/04/23 9:32 a.m. | 22 views

CVE-2024-3732 GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode

The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us...

CVSS 6.4 | AI score 5.8 | EPSS 0.0032
Exploits 0 | References 2
Vulnrichment
added 2024/04/23 9:32 a.m. | 12 views

CVE-2024-3665 Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper'

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 | AI score 6.9 | EPSS 0.00453
Exploits 0 | References 5
CVE
added 2024/04/23 5:33 a.m. | 63 views

CVE-2024-2798

CVE-2024-2798 – Royal Elementor Addons and Templates (WordPress): A DOM-based stored cross-site scripting vulnerability affects all versions up to 1.3.971 in the plugin, caused by insufficient input sanitization and output escaping on widget container attributes. Exploitation requires authentica...

CVSS 6.5 | AI score 5.7 | EPSS 0.00336
Exploits 0 | References 2 | Affected Software 1
CVE
added 2024/04/23 5:33 a.m. | 64 views

CVE-2024-2799

CVE-2024-2799 affects the Royal Elementor Addons and Templates WordPress plugin. The issue is stored XSS via Image Grid and Advanced Text widgets due to insufficient input sanitization and output escaping in user-supplied attributes, allowing an authenticated attacker with contributor+ privileges...

CVSS 6.4 | AI score 5.7 | EPSS 0.00434
Exploits 0 | References 4 | Affected Software 1
WPVulnDB
added 2024/04/23 12:0 a.m. | 20 views

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

Description: The Canva – Design beautiful blog graphics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.1 | AI score 6.4 | EPSS 0.00333
Exploits 0 | References 1
WPVulnDB
added 2024/04/23 12:0 a.m. | 10 views

Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery

Description: The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.3. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to inject...

CVSS 7.1 | AI score 6.7 | EPSS 0.00244
Exploits 0 | References 1
Cvelist
added 2024/04/23 12:0 a.m. | 17 views

CVE-2024-30886

A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter...

AI score 5.5 | EPSS 0.00325
Exploits 1 | References 1
Vulnrichment
added 2024/04/23 12:0 a.m. | 13 views

CVE-2024-30886

A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter...

AI score 5.6 | EPSS 0.00325
Exploits 1 | References 1
WPVulnDB
added 2024/04/23 12:0 a.m. | 17 views

BMI Adult & Kid Calculator < 1.2.2 - Cross-Site Request Forgery to Cross-Site Scripting

Description: The BMI Adult & Kid Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to inject...

CVSS 7.1 | AI score 6.6 | EPSS 0.00184
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/04/23 12:0 a.m. | 62 views

CVE-2024-30886

Issue summary: CVE-2024-30886 is a stored XSS in HadSky v7.6.3, specifically in the remotelink function where an attacker can inject a crafted payload into the url parameter to execute arbitrary web scripts/HTML. Affected component: HadSky, version 7.6.3, remotelink functionality. Root cause & im...

CVSS 5.4 | AI score 5.6 | EPSS 0.00325
Exploits 1 | References 1 | Affected Software 1
NVD
added 2024/04/22 3:15 p.m. | 27 views

CVE-2022-34560

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

CVSS 7.1 | AI score 5.6 | EPSS 0.00314
Exploits 0 | References 2
WPVulnDB
added 2024/04/22 12:0 a.m. | 15 views

Frontend Admin by DynamiApps < 3.19.5 - Improper Missing Encryption Exception Handling to Form Manipulation

Description: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms...

CVSS 9.8 | AI score 7 | EPSS 0.00815
Exploits 0 | References 1 | Affected Software 1
WPVulnDB
added 2024/04/22 12:0 a.m. | 14 views

GeoDirectory – WordPress Business Directory Plugin, or Classified Directory < 2.3.49 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode

Description: The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output...

CVSS 6.4 | AI score 5.9 | EPSS 0.0032
Exploits 0 | References 1 | Affected Software 1
WPVulnDB
added 2024/04/22 12:0 a.m. | 19 views

Colibri Page Builder < 1.0.264 - Author+ Stored Cross-Site Scripting

Description: The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 | AI score 5.9 | EPSS 0.00424
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/04/22 12:0 a.m. | 15 views

CVE-2022-34561

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter...

AI score 5.8 | EPSS 0.00398
Exploits 0 | References 2
Cvelist
added 2024/04/22 12:0 a.m. | 15 views

CVE-2022-34560

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

AI score 5.7 | EPSS 0.00314
Exploits 0 | References 2
Cvelist
added 2024/04/22 12:0 a.m. | 28 views

CVE-2022-34562

A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box...

AI score 5.7 | EPSS 0.00311
Exploits 0 | References 2