1178 matches found

WPVulnDB | added 2024/06/06

Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization...

CVSS 6.4 | AI score 5.8 | EPSS 0.0031 | Exploits 0 | References 1 | Affected Software 1
OSV | added 2024/06/05

CVE-2024-5222

The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output...

CVSS 5.4 | AI score 5.9 | EPSS 0.00233 | Exploits 0 | References 4
Packet Storm | added 2024/05/31

BWL Advanced FAQ Manager 2.0.3 SQL Injection

Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
Date: 14 Apr 2024
Exploit Author: Ivan Spiridonov (xbz0n)
Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135
Version: 2.0.3
Tested on: Ubuntu 20.04
CVE: CVE-2024-32136

SQL Injection
SQL injection is...

CVSS 4.7 | AI score 7.1 | EPSS 0.35997 | Exploits 3
Cvelist | added 2024/05/24

CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The "The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'xaiusername' parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escapin...

CVSS 6.4 | AI score 5.9 | EPSS 0.03483 | Exploits 0 | References 3
OSV | added 2024/05/23

UBUNTU-CVE-2024-5258

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic...

CVSS 4.4 | AI score 5.8 | EPSS 0.00011 | Exploits 1 | References 3
Vulnrichment | added 2024/05/22

CVE-2024-4896 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | AI score 5.8 | EPSS 0.00472 | Exploits 0 | References 3
OSV | added 2024/05/22

CVE-2024-4157

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...

CVSS 8.8 | AI score 6 | Exploits 0 | References 2
Cvelist | added 2024/05/22

CVE-2024-5092 Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Switcher, Slider, and Iconbox Widgets

The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 6.4 | AI score 5.9 | EPSS 0.0047 | Exploits 0 | References 4
WPVulnDB | added 2024/05/21

Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'print-me' shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'tag'. This makes it...

CVSS 6.4 | AI score 5.8 | EPSS 0.00311 | Exploits 0 | References 1
WPVulnDB | added 2024/05/21

Piotnet Addons For Elementor < 2.4.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes

Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 7.2 | AI score 5.8 | EPSS 0.00431 | Exploits 0 | References 1 | Affected Software 1
WPVulnDB | added 2024/05/21

Ninja Beaver Add-ons for Beaver Builder <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets

Description: The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This...

CVSS 6.4 | AI score 5.9 | EPSS 0.00235 | Exploits 0 | References 1
Vulnrichment | added 2024/05/18

CVE-2024-4709 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subject' parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes i...

CVSS 7.2 | AI score 5.8 | EPSS 0.00193 | Exploits 0 | References 5
Cvelist | added 2024/05/16

CVE-2024-3887 Royal Elementor Addons and Templates <= 1.3.974 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Builder Widget

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 | AI score 5.5 | EPSS 0.00311 | Exploits 0 | References 2
CVE | added 2024/05/16

CVE-2024-4279

Summary: CVE-2024-4279 affects Tutor LMS – eLearning and online course solution for WordPress. An insecure direct object reference vulnerability exists in the tutor_course_delete function caused by missing validation on a user-controlled key, enabling an authenticated attacker with Instructor-lev...

CVSS 6.5 | AI score 6.5 | EPSS 0.00218 | Exploits 0 | References 3 | Affected Software 1
OSV | added 2024/05/14

PYSEC-2024-264

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...

CVSS 5.4 | AI score 6 | EPSS 0.03397 | Exploits 0 | References 4
Vulnrichment | added 2024/05/09

CVE-2024-2290 Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placementslug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in t...

CVSS 7.2 | AI score 7.2 | EPSS 0.01046 | Exploits 0 | References 3
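The two PHP Object Injection entries in this list (Fluent Forms, deserialization in extractDynamicValues; Advanced Ads, the 'placementslug' parameter) are the same bug: unserialize() is called on data a user controls, so PHP instantiates whatever class the payload names and any __destruct/__wakeup/__toString on that class runs. The Advanced Ads entry notes that no POP chain is present in the plugin itself; the caveat is that any other loaded plugin or theme can supply the gadget. The following is an added example and not code from either plugin: the gadget class DemoCacheFlusher, the parameter name and the serialized payload are assumptions made for illustration, and the gadget only records what a real one would do. Runs with plain PHP 7.0 or later.

```php
<?php
// Added example, not code from Fluent Forms or Advanced Ads. The gadget class, the parameter
// name and the serialized payload are assumptions made for illustration.

// A class with a magic method, as plugins and themes routinely contain. It does not have to be
// the class that calls unserialize(): any loaded class with __destruct/__wakeup/__toString is a
// potential gadget. Here the destructor only records what a real gadget would have done.
class DemoCacheFlusher {
    public static $actions = array();
    public $file = '';
    public function __destruct() {
        // In a real gadget this would be unlink()/file_put_contents() on an attacker-chosen path.
        self::$actions[] = 'unlink ' . $this->file;
    }
}

// Constructed payload as it would arrive in a request parameter (e.g. ?placement=...):
// a serialized DemoCacheFlusher pointing at a file the attacker wants removed.
$untrusted = 'O:16:"DemoCacheFlusher":1:{s:4:"file";s:22:"/var/www/wp-config.php";}';

// Vulnerable shape: deserialize whatever the request carries. PHP builds the object named in
// the payload; its __destruct() runs as soon as the object is discarded below.
function load_setting_vulnerable($raw) {
    $value = unserialize($raw);
    return is_array($value) ? $value : array();
}

// Hardened shape 1: keep unserialize() for legacy stored data but refuse to instantiate any
// class. Unknown classes come back as __PHP_Incomplete_Class, whose magic methods never run.
function load_setting_hardened($raw) {
    $value = unserialize($raw, array('allowed_classes' => false));
    return is_array($value) ? $value : array();
}

// Hardened shape 2: do not use PHP serialization for request data at all.
function load_setting_json($raw) {
    $value = json_decode($raw, true);
    return is_array($value) ? $value : array();
}

load_setting_vulnerable($untrusted);
$after_vulnerable = count(DemoCacheFlusher::$actions);   // the gadget's destructor has run

load_setting_hardened($untrusted);
$after_hardened = count(DemoCacheFlusher::$actions);     // unchanged: no object was built

load_setting_json($untrusted);
$after_json = count(DemoCacheFlusher::$actions);         // unchanged: payload is not JSON

printf("gadget executions: vulnerable=%d hardened=%d json=%d\n",
    $after_vulnerable, $after_hardened, $after_json);
print_r(DemoCacheFlusher::$actions);
```

Where a plugin must keep unserialize() because settings were stored with serialize(), the allowed_classes option (an explicit list of the plugin's own data classes, or false) is the minimal fix; WordPress' maybe_unserialize() does not restrict classes, so it is not a substitute.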
Vulnrichment | added 2024/05/09

CVE-2024-3807 Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'portopageheadershortcodetype', 'slideshowtype' and 'postlayout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

CVSS 8.8 | AI score 7.6 | EPSS 0.07278 | Exploits 0 | References 2
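The Porto entry above is the post-meta variant of Local File Inclusion: a meta value a Contributor can set on their own post (a layout or slideshow "type") is concatenated into an include path. Appending a fixed ".php" suffix does not stop it, since any other .php file on disk (wp-config.php, or an uploaded image carrying PHP) is still reachable through "../". The following is an added example and not code from the Porto theme: the meta key, the template directory layout and the sample values are assumptions made for illustration, and the script builds a throwaway template directory so it runs with plain PHP CLI.

```php
<?php
// Added example, not code from the Porto theme. Meta key, template directory and sample values
// are assumptions made for illustration.

$pid          = getmypid();
$template_dir = sys_get_temp_dir() . "/demo-templates-$pid";
mkdir($template_dir);
file_put_contents("$template_dir/grid.php", "<?php echo 'grid layout'; ?>");
file_put_contents("$template_dir/list.php", "<?php echo 'list layout'; ?>");
// A PHP file outside the template directory stands in for wp-config.php.
$outside = sys_get_temp_dir() . "/demo-config-$pid.php";
file_put_contents($outside, "<?php echo 'DB_PASSWORD=hunter2'; ?>");

// Vulnerable shape: a post meta value (settable by a Contributor through the editor or a page
// builder) is used to build the include path. The ".php" suffix does not prevent traversal.
function render_layout_vulnerable($template_dir, $layout_meta) {
    ob_start();
    include $template_dir . '/' . $layout_meta . '.php';
    return ob_get_clean();
}

// Hardened shape: the meta value only selects a key from a fixed map of known layouts, and the
// resolved path is additionally checked to stay inside the template directory.
function render_layout_hardened($template_dir, $layout_meta) {
    $layouts = array('grid' => 'grid.php', 'list' => 'list.php');
    $file = isset($layouts[$layout_meta]) ? $layouts[$layout_meta] : 'grid.php';
    $path = realpath($template_dir . '/' . $file);
    $base = realpath($template_dir);
    if ($path === false || $base === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return '';   // defence in depth; not reachable while the map only names files in $template_dir
    }
    ob_start();
    include $path;
    return ob_get_clean();
}

// Constructed hostile meta value: climbs out of the template directory.
$traversal = "../demo-config-$pid";

echo 'vulnerable:      ' . render_layout_vulnerable($template_dir, $traversal) . PHP_EOL;
echo 'hardened:        ' . render_layout_hardened($template_dir, $traversal) . PHP_EOL;
echo 'hardened (list): ' . render_layout_hardened($template_dir, 'list') . PHP_EOL;

// Clean up the throwaway files.
unlink("$template_dir/grid.php");
unlink("$template_dir/list.php");
rmdir($template_dir);
unlink($outside);
```

The map is the actual fix; the realpath() containment check is there so that a later edit adding a computed file name to the map cannot silently reintroduce traversal.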
WPVulnDB | added 2024/05/07

School Management Pro <= 10.3.4 - Authenticated (School Admin+) SQL Injection

Description: The School Management Pro plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 10.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.6 | AI score 7.5 | EPSS 0.07898 | Exploits 1 | References 1
Vulnrichment | added 2024/05/04

CVE-2024-3868 Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 5.4 | AI score 6.1 | EPSS 0.00291 | Exploits 0 | References 2
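The Contributor+ and Subscriber+ stored XSS entries in this list (Combo Blocks 'tag' block attribute, Print-O-Matic 'print-me' shortcode, Piotnet and Ninja Beaver widget attributes, WPB Elementor 'url', Fluent Forms 'subject', Royal Elementor Form Builder, Elegant Addons, Folders Pro user names) share one root cause: a value a low-privilege user controls is echoed into page HTML unescaped, and the page is later viewed by an administrator. Where the value selects the wrapper element name, as the 'tag' attributes do, escaping alone is not enough and the value has to be matched against an allowlist. The following is an added example and not code from any of the plugins listed: the shortcode name demo_print, its attributes and the hostile input are assumptions made for illustration. Outside WordPress the script defines stand-ins for esc_attr(), esc_html() and shortcode_atts() so it runs with plain PHP CLI; inside WordPress the real functions are used.

```php
<?php
// Added example, not code from any plugin listed on this page. Shortcode name, attributes and
// the hostile input are assumptions made for illustration.

// Stand-ins so the file runs with plain `php` outside WordPress (inside WordPress these exist).
if (!function_exists('esc_attr')) {
    function esc_attr($text) { return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_html')) {
    function esc_html($text) { return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $pairs, $atts) {
        $atts = (array) $atts;
        $out  = array();
        foreach ($pairs as $name => $default) {
            $out[$name] = array_key_exists($name, $atts) ? $atts[$name] : $default;
        }
        return $out;
    }
}

// Vulnerable shape: attributes a Contributor typed into the post are dropped straight into the
// HTML. 'tag' even becomes the element name, so escaping it would not help either.
function demo_print_vulnerable($atts) {
    $a = shortcode_atts(array('tag' => 'span', 'class' => '', 'title' => 'Print'), $atts);
    return "<{$a['tag']} class=\"{$a['class']}\">{$a['title']}</{$a['tag']}>";
}

// Hardened shape:
//  - 'tag' is matched against a fixed allowlist of element names (anything else falls back),
//  - 'class' and 'title' are escaped for the exact context they land in.
function demo_print_hardened($atts) {
    $a = shortcode_atts(array('tag' => 'span', 'class' => '', 'title' => 'Print'), $atts);
    $allowed_tags = array('span', 'div', 'p', 'button');
    $tag = strtolower((string) $a['tag']);
    if (!in_array($tag, $allowed_tags, true)) {
        $tag = 'span';
    }
    return sprintf('<%1$s class="%2$s">%3$s</%1$s>', $tag, esc_attr($a['class']), esc_html($a['title']));
}

// Constructed hostile input: what a Contributor could put into [demo_print ...] attributes.
// Each attribute targets a different output context (element name, attribute value, text).
$hostile = array(
    'tag'   => 'img src=x onerror=alert(1)',
    'class' => '"><script>alert(2)</script>',
    'title' => '<svg onload=alert(3)>',
);

echo 'vulnerable: ' . demo_print_vulnerable($hostile) . PHP_EOL;
echo 'hardened:   ' . demo_print_hardened($hostile) . PHP_EOL;
```

In a plugin the hardened handler is registered with add_shortcode('demo_print', 'demo_print_hardened'). An attribute that legitimately must carry markup goes through wp_kses_post() rather than esc_html(); a URL attribute goes through esc_url(), which also drops javascript: schemes, which is the case the WPB Elementor and Ninja Beaver entries describe.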
CVE | added 2024/05/03

CVE-2024-34031

Delta Electronics DIAEnergie is vulnerable to an SQL injection in Handler_CFG.ashx (CVE-2024-34031). Affected product: DIAEnergie; version cited by ICS is v1.10.00.005. The root cause is improper neutralization of SQL commands in the endpoint, leading to potential system compromise when exploited...

CVSS 8.8 | AI score 7.5 | EPSS 0.00058 | Exploits 0 | References 1 | Affected Software 1