CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-11582

Malware in sbrugna...

5.4CVSS5.6AI score0.0018EPSS

Exploits2References2

RedhatCVE•added 2025/05/22 7:23 p.m.•4 views

CVE-2021-24670

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...

5.4CVSS6AI score0.0018EPSS

Exploits2References1

OSV•added 2021/09/27 4:15 p.m.•2 views

CVE-2021-24670

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.0018EPSS

Exploits2References1

NVD•added 2021/09/27 4:15 p.m.•7 views

CVE-2021-24670

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...

5.4CVSS0.0018EPSS

Exploits2References1

Prion•added 2021/09/27 4:15 p.m.•12 views

Cross site scripting

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...

3.5CVSS5.3AI score0.0018EPSS

Exploits2References1Affected Software1

Cvelist•added 2021/09/27 3:25 p.m.•11 views

CVE-2021-24670 CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks...

5.5AI score0.0018EPSS

Exploits2References1

CVE•added 2021/09/27 3:25 p.m.•40 views

CVE-2021-24670

CVE-2021-24670 affects the CoolClock WordPress plugin prior to version 4.3.5. The root cause is failure to properly escape some shortcode attributes, enabling Stored Cross-Site Scripting (XSS) by users with as low as Contributor role. Impact is client-side code execution through crafted shortcode...

5.4CVSS5.3AI score0.0018EPSS

Exploits2References1Affected Software1

CNNVD•added 2021/09/27 12:0 a.m.•2 views

WordPress 插件跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin CoolClock suffers from a cross-site scripting vulnerability that stems from the fact that versions of the CoolClock WordPress plugin prior to 4.3.5 do not get rid of a number of short-code attributes that...

5.4CVSS5.6AI score0.0018EPSS

Exploits2References2

Patchstack•added 2021/08/30 12:0 a.m.•11 views

WordPress CoolClock plugin <= 4.3.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress CoolClock plugin versions = 4.3.4. Solution Update the WordPress CoolClock plugin to the latest available version at least 4.3.5...

5.4CVSS2.1AI score0.0018EPSS

Exploits2References3Affected Software1

WPVulnDB•added 2021/08/30 12:0 a.m.•18 views

CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks PoC As a user with a role as low as contributor, put the following shortcode in a post/page and view/preview it to trigger the XSS which is specific...

5.4CVSS2.7AI score0.0018EPSS

Exploits2Affected Software1

wpexploit•added 2021/08/30 12:0 a.m.•483 views

CoolClock < 4.3.5 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape some shortcode attributes, allowing users with a role as low as Contributor toperform Stored Cross-Site Scripting attacks As a user with a role as low as contributor, put the following shortcode in a post/page and view/preview it to trigger the XSS which is specific to...

5.4CVSS0.3AI score0.0018EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by