5210 matches found

Vulnrichment
added 2024/03/13 3:27 p.m., 12 views

CVE-2023-6957 Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...

CVSS 4.9, AI score 6.8, EPSS 0.00382
Exploits: 0, References: 2

Cvelist
added 2024/03/13 3:27 p.m., 30 views

CVE-2023-6957 Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in...

CVSS 4.9, AI score 5, EPSS 0.00382
Exploits: 0, References: 2

Cvelist
added 2024/03/13 3:27 p.m., 28 views

CVE-2024-1723 SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...

CVSS 6.4, AI score 5.9, EPSS 0.00501
Exploits: 0, References: 3

Cvelist
added 2024/03/13 3:27 p.m., 23 views

CVE-2024-1038 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 5.4, AI score 5.5, EPSS 0.00592
Exploits: 0, References: 3

Vulnrichment
added 2024/03/13 3:27 p.m., 14 views

CVE-2024-1038 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVSS 5.4, AI score 6.8, EPSS 0.00592
Exploits: 0, References: 3

Vulnrichment
added 2024/03/13 3:27 p.m., 19 views

CVE-2024-1365

The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feedid parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1, AI score 6.3, EPSS 0.00466
Exploits: 0, References: 2

Cvelist
added 2024/03/13 3:27 p.m., 22 views

CVE-2024-1365 YML for Yandex Market <= 4.2.3 - Reflected Cross-Site Scripting

The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feedid parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1, AI score 6.1, EPSS 0.00466
Exploits: 0, References: 2

CVE
added 2024/03/13 3:27 p.m., 69 views

CVE-2024-2030

The CVE-2024-2030 entry covers a stored XSS in the WordPress plugin set “Database for Contact Form 7, WPforms, Elementor forms” (contact-form-entries) up to version 1.3.3. The underlying issue is insufficient input sanitization and output escaping for user-supplied attributes in the plugin’s shor...

CVSS 6.4, AI score 6.9, EPSS 0.00593
Exploits: 0, References: 4

Cvelist
added 2024/03/13 3:27 p.m., 21 views

CVE-2024-1074 Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, AI score 5.8, EPSS 0.00532
Exploits: 0, References: 3

Cvelist
added 2024/03/13 3:27 p.m., 19 views

CVE-2023-7015 File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting

The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1, AI score 6.2, EPSS 0.00466
Exploits: 0, References: 2

Vulnrichment
added 2024/03/13 3:27 p.m., 11 views

CVE-2023-7015 File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting

The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1, AI score 7, EPSS 0.00466
Exploits: 0, References: 2

Cvelist
added 2024/03/13 3:27 p.m., 24 views

CVE-2024-1237 Elementor Header & Footer Builder <= 1.6.24 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyoutlayout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 5.8, EPSS 0.00514
Exploits: 0, References: 3

Vulnrichment
added 2024/03/13 3:26 p.m., 14 views

CVE-2024-1691 Otter Blocks PRO <= 2.6.3 - Unauthenticated Stored Cross-Site Scripting via SVG Upload

The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping...

CVSS 6.1, AI score 7, EPSS 0.00466
Exploits: 0, References: 2

Vulnrichment
added 2024/03/13 3:26 p.m., 15 views

CVE-2024-0591 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting.

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.1, AI score 7, EPSS 0.0061
Exploits: 0, References: 4

Cvelist
added 2024/03/13 3:26 p.m., 32 views

CVE-2024-0591 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting.

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.1, AI score 6.1, EPSS 0.0061
Exploits: 0, References: 4

Cvelist
added 2024/03/13 3:26 p.m., 18 views

CVE-2024-0976 WP Event Manager <= 3.1.41 - Reflected Cross-Site Scripting via plugin

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.1, AI score 6.2, EPSS 0.00592
Exploits: 0, References: 3

Vulnrichment
added 2024/03/13 3:26 p.m., 11 views

CVE-2024-1296

The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 5.8, EPSS 0.00516
Exploits: 0, References: 4

Cvelist
added 2024/03/13 3:26 p.m., 19 views

CVE-2024-1484 Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVSS 6.1, AI score 6.2, EPSS 0.0048
Exploits: 0, References: 2

Cvelist
added 2024/03/13 3:26 p.m., 23 views

CVE-2024-1392 Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVSS 6.4, AI score 5.8, EPSS 0.00509
Exploits: 0, References: 3

Vulnrichment
added 2024/03/13 3:26 p.m., 10 views

CVE-2024-1383 WPvivid Backup for MainWP <= 0.9.32 - Reflected Cross-Site Scripting

The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

CVSS 6.1, AI score 6.9, EPSS 0.0061
Exploits: 0, References: 3