Lucene search
K

46 matches found

CVE
CVE
added 2024/12/03 9:32 a.m.61 views

CVE-2024-12062

CVE-2024-12062 affects Charity Addon for Elementor ( WordPress ) up to version 1.3.2. Root cause: information exposure via the nacharity_elementor_template shortcode due to insufficient restriction on which posts can be included. Impact: authenticated attackers with Contributor-level access or hi...

4.3CVSS7.2AI score0.003EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/23 4:32 a.m.14 views

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

6.4CVSS5.8AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/23 4:32 a.m.12 views

CVE-2024-11408 Slotti Ajanvaraus <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00336EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 5:33 a.m.58 views

CVE-2024-10671

CVE-2024-10671 affects the WordPress plugin Button Block (versions up to and including 1.1.4). The issue allows authenticated attackers with Contributor-level access and above to exfiltrate data from password‑protected, private, or draft posts via the btn_block shortcode due to insufficient post‑...

6.5CVSS4.4AI score0.00506EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/11/21 2:6 a.m.52 views

CVE-2024-10172

CVE-2024-10172 affects the WPBakery Visual Composer WHMCS Elements WordPress plugin (versions up to and including 1.0.4). The vulnerability is a Stored Cross-Site Scripting (XSS) in the shortcode void_wbwhmcse_laouts_search, caused by insufficient input sanitization and output escaping of user-su...

6.4CVSS5.7AI score0.00492EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/11/13 8:29 a.m.20 views

CVE-2024-9668 Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/13 2:2 a.m.27 views

CVE-2024-10887 NiceJob <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping ...

6.4CVSS0.00447EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/11/12 3:24 a.m.9 views

CVE-2024-10695 Futurio Extra <= 2.0.13 - Authenticated (Contributor+) Post Disclosure

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/25 8:34 a.m.7 views

CVE-2024-8666 Shoutcast Icecast HTML5 Radio Player <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.1AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/25 6:51 a.m.17 views

CVE-2024-10148 Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/24 12:32 p.m.9 views

CVE-2024-10180 Contact Form 7 - Repeatable Fields <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode

The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fieldgroup shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.8AI score0.00304EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/18 7:35 a.m.30 views

CVE-2024-10055 Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode

The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00306EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/18 6:51 a.m.23 views

CVE-2024-9703 Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2024/10/11 8:30 a.m.45 views

CVE-2024-8913

CVE-2024-8913 affects The Plus Addons for Elementor (WordPress) up to version 5.6.11. The issue arises from the render function in modules/widgets/tp_accordion.php, enabling authenticated attackers with Contributor-level access and above to expose sensitive information (private, pending, and draf...

4.3CVSS4.7AI score0.00368EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/10/10 2:6 a.m.25 views

CVE-2024-8987 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzifymedia shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and outpu...

6.4CVSS0.00302EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/10/09 7:33 a.m.16 views

CVE-2024-9451 Embed PDF Viewer <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via height and width Parameters

The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00364EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/09 2:1 a.m.4 views

CVE-2024-7963 CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00266EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/24 6:40 a.m.12 views

CVE-2024-8267 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input...

6.4CVSS5.7AI score0.0033EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/13 3:10 p.m.13 views

CVE-2024-8747 Email Obfuscate Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References2
CVE
CVE
added 2024/08/09 4:29 a.m.76 views

CVE-2024-4359

CVE-2024-4359 (Element Pack for WordPress) : The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin is exploitable via arbitrary file read in all versions up to 5.7.2, using the SVG widget and insufficient file validation in render_svg. ...

6.5CVSS6.3AI score0.00507EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder