Lucene search
K

23 matches found

CVE
CVE
added 2024/12/03 9:32 a.m.61 views

CVE-2024-12062

CVE-2024-12062 affects Charity Addon for Elementor ( WordPress ) up to version 1.3.2. Root cause: information exposure via the nacharity_elementor_template shortcode due to insufficient restriction on which posts can be included. Impact: authenticated attackers with Contributor-level access or hi...

4.3CVSS7.2AI score0.003EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/23 4:32 a.m.14 views

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on...

6.4CVSS5.8AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 2:6 a.m.53 views

CVE-2024-10172

CVE-2024-10172 affects the WPBakery Visual Composer WHMCS Elements WordPress plugin (versions up to and including 1.0.4). The vulnerability is a Stored Cross-Site Scripting (XSS) in the shortcode void_wbwhmcse_laouts_search, caused by insufficient input sanitization and output escaping of user-su...

6.4CVSS5.7AI score0.00492EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/12 3:24 a.m.10 views

CVE-2024-10695 Futurio Extra <= 2.0.13 - Authenticated (Contributor+) Post Disclosure

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/25 8:34 a.m.7 views

CVE-2024-8666 Shoutcast Icecast HTML5 Radio Player <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS6.1AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/25 6:51 a.m.17 views

CVE-2024-10148 Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/18 7:35 a.m.30 views

CVE-2024-10055 Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode

The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00306EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/18 6:51 a.m.23 views

CVE-2024-9703 Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2024/10/11 8:30 a.m.46 views

CVE-2024-8913

CVE-2024-8913 affects The Plus Addons for Elementor (WordPress) up to version 5.6.11. The issue arises from the render function in modules/widgets/tp_accordion.php, enabling authenticated attackers with Contributor-level access and above to expose sensitive information (private, pending, and draf...

4.3CVSS4.7AI score0.00368EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/10/10 2:6 a.m.25 views

CVE-2024-8987 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzifymedia shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and outpu...

6.4CVSS0.00302EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/09 2:1 a.m.4 views

CVE-2024-7963 CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00266EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/24 6:40 a.m.12 views

CVE-2024-8267 Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input...

6.4CVSS5.7AI score0.0033EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/09/13 3:10 p.m.13 views

CVE-2024-8747 Email Obfuscate Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/09 4:29 a.m.34 views

CVE-2024-4359 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the rendersvg function...

6.5CVSS0.00507EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/09 4:32 a.m.28 views

CVE-2024-4667 Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget

The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'posttypes' attribute...

6.4CVSS0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/04 3:32 a.m.33 views

CVE-2024-2385 Elementor Addons by Livemesh <= 8.4 - Authenticated (Contributor+) Limited Local File Inclusion via Widgets

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.4 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

8.8CVSS0.00886EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/20 2:8 a.m.16 views

CVE-2024-3561 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) SQL Injection via Term Custom Field

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

8.8CVSS7.3AI score0.00509EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/13 7:31 a.m.10 views

CVE-2024-4615 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget

The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and...

6.4CVSS5.8AI score0.00411EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.9 views

LayerSlider 7.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ls_search_form Shortcode

Description The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lssearchform shortcode in version 7.11.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00274EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/21 8:31 a.m.8 views

CVE-2024-3345 ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00357EPSS
Exploits0References3
Rows per page
Query Builder