CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/01/07 9:14 a.m.•5 views

CVE-2024-2304

The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00102EPSS

Exploits0References1

NVD•added 2024/03/20 7:15 a.m.•8 views

CVE-2024-2304

6.4CVSS5.7AI score0.00102EPSS

Exploits0References2

CVE•added 2024/03/20 6:48 a.m.•54 views

CVE-2024-2304

The CVE refers to the WordPress Animated Headline plugin (affected: all versions up to 4.0) with a Stored XSS vulnerability via the animated-headline shortcode caused by insufficient input sanitization and lack of proper output escaping on user-supplied attributes. Exploitation requires authentic...

6.4CVSS7.6AI score0.00102EPSS

Exploits0References2

Vulnrichment•added 2024/03/20 6:48 a.m.•11 views

CVE-2024-2304 Animated Headline <= 4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS7.4AI score0.00102EPSS

Exploits0References2

Cvelist•added 2024/03/20 6:48 a.m.•13 views

CVE-2024-2304 Animated Headline <= 4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS5.8AI score0.00102EPSS

Exploits0References2

CNNVD•added 2024/03/20 12:0 a.m.•1 views

WordPress Plugin Animated Headline Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.4CVSS6AI score0.00102EPSS

Exploits0References3

Patchstack•added 2024/03/20 12:0 a.m.•11 views

WordPress Animated Headline Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software Animated Headline Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2304 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4d47f1ad7254 Credits Tien Luong Required...

6.4CVSS5.8AI score0.00102EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2024/03/20 12:0 a.m.•4 views

PT-2024-19643 · WordPress · Animated Headline

Name of the Vulnerable Software and Affected Versions: Animated Headline plugin for WordPress versions up to, and including, 4.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'animated-headline' shortcode. This allows...

6.4CVSS9.4AI score0.00102EPSS

Exploits0References3

WPVulnDB•added 2024/03/19 12:0 a.m.•18 views

Animated Headline <= 4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS5.7AI score0.00102EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by