CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Vulnrichment•added 2024/10/18 4:32 a.m.•11 views

CVE-2024-9366 Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

6.4CVSS5.8AI score0.00256EPSS

Exploits0References2

Cvelist•added 2024/10/10 2:6 a.m.•13 views

CVE-2024-9074 Advanced Blocks Pro <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS0.00244EPSS

Exploits0References2

Vulnrichment•added 2024/09/26 9:29 a.m.•9 views

CVE-2024-9125 king_IE <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The kingIE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject...

6.4CVSS5.8AI score0.00252EPSS

Exploits0References2

Vulnrichment•added 2024/08/27 6:48 a.m.•18 views

CVE-2024-6804 Jeg Elementor Kit <= 2.6.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...

6.4CVSS5.8AI score0.00366EPSS

Exploits0References4

Cvelist•added 2024/08/22 9:29 a.m.•30 views

CVE-2024-7778 Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS0.0031EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 6:15 a.m.•2 views

SUSE CVE-2006-2894

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text bo...

4CVSS8.7AI score0.09648EPSS

Exploits1References5

Vulnerability Lab•added 2013/05/04 12:0 a.m.•15 views

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities

Document Title: =============== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=939 Release Date: ============= 2013-05-04 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by