134 matches found

CVE
added 2025/01/31 8:21 a.m. | 39 views

CVE-2024-13566

WP DataTable for WordPress is affected by a Stored Cross-Site Scripting (stored XSS) via the id parameter in all versions up to and including 0.2.6. Exploitation requires authenticated access at Contributor level or higher, enabling injection of scripts that execute when users load injected pages...

CVSS 6.4 | AI score 5.8 | EPSS 0.00378
Exploits 0 | References 4

Vulnrichment
added 2025/01/31 2:24 a.m. | 5 views

CVE-2024-13397 WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WPRadio – WordPress Radio Streaming Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpradioplayer' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 6.4 | AI score 5.7 | EPSS 0.00366
Exploits 0 | References 3

CVE
added 2025/01/26 6:41 a.m. | 50 views

CVE-2024-10705

CVE-2024-10705 affects the WordPress plugin “Multiple Page Generator Plugin – MPG” with vulnerability in all versions up to 4.0.5. The flaw is Server-Side Request Forgery (SSRF) via the mpg_download_file_by_link function, allowing authenticated attackers with editor-level access or higher to trig...

CVSS 8.1 | AI score 5.3 | EPSS 0.0033
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/01/25 7:24 a.m. | 36 views

CVE-2024-12816

CVE-2024-12816 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin “NOTICE BOARD BY TOWKIR” (versions ≤ 3.1). The flaw arises from insufficient input sanitization and output escaping on attributes used by the plugin’s notice-board shortcode. This allows authenticated attackers ...

CVSS 6.4 | AI score 5.7 | EPSS 0.00296
Exploits 0 | References 3

Vulnrichment
added 2025/01/24 9:21 a.m. | 4 views

CVE-2024-13583 Simple Gallery with Filter <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'c2twsgwf' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 6.2 | EPSS 0.00289
Exploits 0 | References 3

Cvelist
added 2025/01/11 7:21 a.m. | 12 views

CVE-2024-12527 Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfectportalintakeform' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 | EPSS 0.00325
Exploits 0 | References 3

Vulnrichment
added 2025/01/11 2:20 a.m. | 4 views

CVE-2024-12204 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it...

CVSS 5.4 | AI score 6.7 | EPSS 0.00238
Exploits 0 | References 2

Vulnrichment
added 2025/01/07 6:40 a.m. | 7 views

CVE-2024-12495 Bootstrap Blocks for WP Editor v2 <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtb-bootstrap/column' block in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 2

Cvelist
added 2025/01/07 3:21 a.m. | 12 views

CVE-2024-12592 Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.0026
Exploits 0 | References 2

Cvelist
added 2024/12/24 9:21 a.m. | 16 views

CVE-2024-8721 Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...

CVSS 6.4 | EPSS 0.00331
Exploits 0 | References 3

CVE
added 2024/12/21 9:23 a.m. | 46 views

CVE-2024-12591

CVE-2024-12591 concerns the WordPress plugin MagicPost. A stored XSS vulnerability exists in the wb_share_social shortcode across versions up to 1.2.1, enabling authenticated attackers with contributor-level access or higher to inject scripts that execute in visitors’ browsers. The issue is caus...

CVSS 6.4 | AI score 5.7 | EPSS 0.00331
Exploits 0 | References 3

Vulnrichment
added 2024/12/20 6:59 a.m. | 8 views

CVE-2024-11775 Particle Background <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.8 | EPSS 0.00331
Exploits 0 | References 3

CVE
added 2024/12/18 3:22 a.m. | 46 views

CVE-2024-12061

CVE-2024-12061 affects the Events Addon for Elementor (WordPress) with an Information Exposure flaw in versions up to 2.2.3 via the naevents_elementor_template shortcode. The issue stems from insufficient restrictions on which posts can be included, enabling authenticated attackers with Contribut...

CVSS 4.3 | AI score 4.4 | EPSS 0.00367
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/12/14 4:23 a.m. | 8 views

CVE-2024-11755 IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | AI score 7.4 | EPSS 0.00351
Exploits 0 | References 3

Vulnrichment
added 2024/12/12 3:23 a.m. | 10 views

CVE-2024-12461 WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpreviveasync' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5.8 | EPSS 0.00467
Exploits 0 | References 3

NVD
added 2024/10/26 9:15 a.m. | 16 views

CVE-2024-9967

The WP show more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's showmore shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00334
Exploits 0 | References 6

IBM Security Bulletins
added 2024/09/16 5:8 p.m. | 34 views

Security Bulletin: Vulnerabilities in Elasticsearch affect watsonx.data

Summary: Elasticsearch is vulnerable to local authenticated attacks to obtain sensitive information and denial of service attacks. These can affect watsonx.data. Vulnerability Details: CVEID: CVE-2023-31417. DESCRIPTION: Elasticsearch could allow a local authenticated attacker to obtain sensitive...

CVSS 7.5 | AI score 7 | EPSS 0.60679
Exploits 4 | Affected Software 1

CVE
added 2024/09/04 6:49 a.m. | 51 views

CVE-2024-8106

CVE-2024-8106: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to a Sensitive Information Exposure flaw via the download_user_ajax function in all versions up to and including 3.0.8. Authenticated attackers with Subscriber+ access can exfiltrate sensitive data suc...

CVSS 6.5 | AI score 6.5 | EPSS 0.00461
Exploits 0 | References 3 | Affected Software 1

OSV
added 2024/08/20 11:15 a.m. | 6 views

CVE-2024-7054

The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘closetext’ parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 2

WPVulnDB
added 2024/05/15 12:0 a.m. | 18 views

All-in-One Video Gallery < 3.7.0 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode

Description: The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...

CVSS 8.8 | AI score 7.3 | EPSS 0.00618
Exploits 0 | References 1 | Affected Software 1