5210 matches found

Vulnrichment
added 2024/02/20 6:56 p.m., 8 views

CVE-2024-1054

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcjproductbarcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes ...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00343
Exploits: 0, References: 2

Cvelist
added 2024/02/20 6:56 p.m., 17 views

CVE-2024-1282 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00443
Exploits: 0, References: 5

Cvelist
added 2024/02/20 6:56 p.m., 25 views

CVE-2024-1277 Ocean Extra <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to...

CVSS: 6.4, AI score: 5.9, EPSS: 0.00463
Exploits: 0, References: 4

Vulnrichment
added 2024/02/20 6:56 p.m., 13 views

CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...

CVSS: 6.5, AI score: 7, EPSS: 0.00572
Exploits: 0, References: 3

Vulnrichment
added 2024/02/20 6:56 p.m., 8 views

CVE-2024-1236 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization...

CVSS: 6.4, AI score: 7, EPSS: 0.00469
Exploits: 0, References: 4

Cvelist
added 2024/02/20 6:56 p.m., 33 views

CVE-2023-6923 Matomo <= 4.15.3 - Reflected Cross-Site Scripting via idsite

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00499
Exploits: 0, References: 2

Vulnrichment
added 2024/02/20 6:56 p.m., 12 views

CVE-2023-6806 Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

CVSS: 6.4, AI score: 7, EPSS: 0.00427
Exploits: 0, References: 2

Vulnrichment
added 2024/02/20 6:56 p.m., 12 views

CVE-2024-1447 Sydney Toolbox <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated...

CVSS: 6.4, AI score: 7, EPSS: 0.00432
Exploits: 0, References: 4

CVE
added 2024/02/20 6:56 p.m., 79 views

CVE-2024-0792

CVE-2024-0792 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.0.1. The issue is stored XSS via the plugin’s shortcodes in RSS feed content due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or high...

CVSS: 6.4, AI score: 6, EPSS: 0.00443
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/02/20 4:15 a.m., 13 views

CVE-2024-1559

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00415
Exploits: 0, References: 2

Prion
added 2024/02/20 4:15 a.m., 14 views

Cross site scripting

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'llreciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS: 6.4, AI score: 6.3, EPSS: 0.00415
Exploits: 0, References: 2

Prion
added 2024/02/20 3:15 a.m., 13 views

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sutooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplie...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00473
Exploits: 0, References: 3

CNNVD
added 2024/02/20 12:0 a.m., 2 views

Atlassian Confluence Security Vulnerability

Atlassian Confluence is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build enterprise WiKi. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the presence of stored...

CVSS: 8.5, AI score: 6.3, EPSS: 0.00471
Exploits: 0, References: 3

WPVulnDB
added 2024/02/20 12:0 a.m., 18 views

ProfilePress < 4.15.0 - Unauthenticated Stored XSS

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the 'name' parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00572
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/02/20 12:0 a.m., 17 views

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin < 3.4.2.5 - Reflected Cross-Site Scripting.

Description: The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes...

CVSS: 5.8, AI score: 6.2, EPSS: 0.0061
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2024/02/14 7:15 p.m., 16 views

CVE-2024-25300

A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section...

CVSS: 4.8, AI score: 5, EPSS: 0.00358
Exploits: 0, References: 1

NVD
added 2024/02/14 3:15 p.m., 15 views

CVE-2024-25221

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00413
Exploits: 1, References: 1

NVD
added 2024/02/14 3:15 p.m., 11 views

CVE-2024-25224

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00375
Exploits: 1, References: 1

NVD
added 2024/02/14 3:15 p.m., 10 views

CVE-2024-25225

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00411
Exploits: 1, References: 1

NVD
added 2024/02/14 3:15 p.m., 17 views

CVE-2024-25218

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00411
Exploits: 1, References: 1