1057 matches found

NVD
added 2024/05/18 5:15 a.m. · 24 views

CVE-2024-4374

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · AI score 5.9 · EPSS 0.00354
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/16 12:0 a.m. · 2 views

PT-2024-30865 · Boldgrid · Post/Page Builder By Boldgrid

Name of the Vulnerable Software and Affected Versions: The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress versions up to, and including, 1.26.4 Description: The issue is related to Stored Cross-Site Scripting via an unknown parameter due to insufficient input...

CVSS 6.4 · AI score 5.9 · EPSS 0.00263
Exploits: 0 · References: 5
NVD
added 2024/05/15 12:15 a.m. · 14 views

CVE-2024-4370

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 · AI score 5.9 · EPSS 0.0042
Exploits: 0 · References: 4
OSV
added 2024/05/02 5:15 p.m. · 2 views

CVE-2024-3337

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibribreadcrumbelement' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 · AI score 5.9 · EPSS 0.00423
Exploits: 0 · References: 2
OSV
added 2024/05/02 5:15 p.m. · 1 views

CVE-2024-1759

The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.0034
Exploits: 0 · References: 2
OSV
added 2024/04/23 10:15 a.m. · 2 views

CVE-2024-3665

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 5.4 · AI score 6 · EPSS 0.00453
Exploits: 0 · References: 5
OSV
added 2024/04/18 11:15 a.m. · 3 views

CVE-2023-6892

The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwceanproductmeta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 5.9 · EPSS 0.0032
Exploits: 0 · References: 2
NVD
added 2024/04/15 9:15 p.m. · 8 views

CVE-2024-31652

A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter...

CVSS 6.1 · AI score 5.8 · EPSS 0.00426
Exploits: 1 · References: 1
OSV
added 2024/04/10 5:15 a.m. · 2 views

CVE-2024-2735

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00516
Exploits: 0 · References: 2
CNNVD
added 2024/04/10 12:0 a.m. · 2 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 5.8 · EPSS 0.00503
Exploits: 0 · References: 2
CNNVD
added 2024/04/10 12:0 a.m. · 2 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 5.8 · EPSS 0.00503
Exploits: 0 · References: 2
OSV
added 2024/04/09 7:15 p.m. · 4 views

CVE-2024-2305

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00343
Exploits: 0 · References: 2
OSV
added 2024/04/03 8:15 a.m. · 5 views

CVE-2023-34423

Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege...

CVSS 6.1 · AI score 5.7
Exploits: 0 · References: 2
Positive Technologies
added 2024/04/02 12:0 a.m. · 3 views

PT-2024-22836 · WordPress · Creative Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Creative Addons for Elementor plugin for WordPress versions up to, and including, 1.5.12 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's widgets, allowing...

CVSS 6.4 · AI score 9.4 · EPSS 0.00327
Exploits: 0 · References: 4
NVD
added 2024/03/28 1:15 a.m. · 17 views

CVE-2024-28005

Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N,...

CVSS 4.7 · AI score 7.1 · EPSS 0.00481
Exploits: 0 · References: 2
CVE
added 2024/03/28 12:47 a.m. · 80 views

CVE-2024-28005

CVE-2024-28005 affects NEC Aterm family (e.g., WG1800HP4, WG1200HS3, WG1900HP2, WR8165N, WM3400RN, WG1810HP, and many others listed in sources). The root cause is an Incorrect Permission Assignment for a Critical Resource (CWE-732) that, when combined with high privileges, allows an attacker to e...

CVSS 4.7 · AI score 7.3 · EPSS 0.00481
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2024/03/28 12:0 a.m. · 3 views

NEC Aterm security vulnerability

NEC Aterm is a series of wireless routers from Nippon Electric (NEC). A security vulnerability exists in NEC Aterm that allows an attacker with elevated privileges to execute arbitrary scripts. The following products and versions are affected: WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP...

CVSS 4.7 · AI score 8.7 · EPSS 0.00481
Exploits: 0 · References: 3
Positive Technologies
added 2024/03/28 12:0 a.m. · 3 views

PT-2024-22201

Name of the Vulnerable Software and Affected Versions Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,...

CVSS 4.7 · AI score 8.6 · EPSS 0.00481
Exploits: 0 · References: 8
OSV
added 2024/03/27 7:15 a.m. · 2 views

CVE-2024-2781

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the videohtmltag attribute in all versions up to, and including, 3.20.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 6 · EPSS 0.00323
Exploits: 0 · References: 2
Japan Vulnerability Notes
added 2024/03/26 5:27 a.m. · 2 views

TvRock vulnerable to cross-site scripting

Overview: TvRock, provided by TvRock (according to the original report submitted by the reporter), is a tool to set a timer recording for a TV program. TvRock contains a cross-site scripting vulnerability (CWE-79). During the meeting of Committee for authorizing the disclosure of unresolved...

CVSS 6.1 · AI score 6.1 · EPSS 0.00313
Exploits: 0 · References: 3