CVE-2023-49985
A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...
CVE-2024-1379
The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abpauthkey' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it...
CVE-2024-2304 Animated Headline <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2129 WPBITS Addons For Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-2474
The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2024-2255
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes...
MGASA-2024-0074 Updated cherrytree packages fix security vulnerability
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. CVE-2022-35133...
CVE-2024-2387 Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms <= 1.82.0 - SQL Injection to Reflected Cross-Site Scripting via integration_id
The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integrationid’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied paramete...
CVE-2024-29469
A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module...
Calendarista Basic Edition < 3.0.3 - Unauthenticated Cross-Site Scripting
The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Link Library < 7.6.1 - Reflected Cross-Site Scripting
The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
AntiSpam for Contact Form 7 < 0.6.1 - Reflected Cross-Site Scripting
The AntiSpam for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Coupon Affiliates < 5.12.8 - Reflected Cross-Site Scripting
The Coupon Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.12.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Evergreen Content Poster < 1.4.2 - Reflected Cross-Site Scripting
The Evergreen Content Poster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Website Article Monetization By MageNet < 1.0.12 - Unauthenticated Stored XSS
The plugin is vulnerable to Stored Cross-Site Scripting via the 'abpauthkey' parameter due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates < 4.5.4 - Contributor+ Stored XSS
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for...
CVE-2024-1239
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1796 HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as...