Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3475 matches found

Cvelist
Cvelistadded 2024/08/05 6:0 a.m.28 views

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00348EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2024/08/03 12:0 a.m.3 views

PT-2024-38240 · WordPress · Jetformbuilder

Name of the Vulnerable Software and Affected Versions: JetFormBuilder plugin for WordPress versions up to, and including, 3.3.4.1 Description: The issue is related to improper restriction on user meta fields, allowing authenticated attackers with administrator-level and above permissions to...

7.2CVSS7.3AI score0.00525EPSS
Exploits0References6
OSV
OSVadded 2024/08/01 6:15 a.m.2 views

CVE-2024-2872

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelistadded 2024/08/01 6:0 a.m.31 views

CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

0.00312EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/08/01 6:0 a.m.7 views

CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.7AI score0.00312EPSS
Exploits1References1
CVE
CVEadded 2024/08/01 6:0 a.m.39 views

CVE-2024-2872

The CVE-2024-2872 entry concerns the socialdriver-framework WordPress plugin, affected versions prior to 2024.04.30. The root cause is inadequate sanitisation and escaping of certain settings, enabling stored XSS by high-privilege users (e.g., Contributors), even when unfiltered_html is disallowe...

4.8CVSS5.7AI score0.00312EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2024/07/31 6:15 a.m.2 views

CVE-2024-6165

The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00351EPSS
Exploits1References1
OSV
OSVadded 2024/07/30 6:15 a.m.2 views

CVE-2024-6536

The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.4CVSS5.8AI score
Exploits0References1
OSV
OSVadded 2024/07/30 6:15 a.m.1 views

CVE-2024-3113

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

5.9CVSS5.8AI score0.0031EPSS
Exploits1References1
OSV
OSVadded 2024/07/30 6:15 a.m.2 views

CVE-2024-5807

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

7.2CVSS6AI score0.00645EPSS
Exploits1References1
OSV
OSVadded 2024/07/30 6:15 a.m.1 views

CVE-2024-3986

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00392EPSS
Exploits1References1
NVD
NVDadded 2024/07/30 6:15 a.m.17 views

CVE-2024-5807

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

7.2CVSS0.00645EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/07/30 6:0 a.m.13 views

CVE-2024-6536 Zephyr Project Manager < 3.3.99 - Editor+ XSS

The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.7AI score0.0072EPSS
Exploits2References1
Cvelist
Cvelistadded 2024/07/30 6:0 a.m.21 views

CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

0.00645EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/07/30 6:0 a.m.18 views

CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

7.3AI score0.00645EPSS
Exploits1References1
CVE
CVEadded 2024/07/30 6:0 a.m.48 views

CVE-2024-5807

The CVE-2024-5807 entry concerns the WordPress plugin Business Card (

7.2CVSS6.9AI score0.00645EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2024/07/30 6:0 a.m.44 views

CVE-2024-3986

CVE-2024-3986: SportsPress for WordPress versions prior to 2.7.22 is affected. The issue arises from improper sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (e.g., multisite). The vulnerability affects t...

4.8CVSS5.4AI score0.00392EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2024/07/30 6:0 a.m.26 views

CVE-2024-3986 SportsPress < 2.7.22 - Admin+ Stored XSS

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00392EPSS
Exploits1References1
CVE
CVEadded 2024/07/30 6:0 a.m.72 views

CVE-2024-3113

The CVE CVE-2024-3113 affects the FormFlow – WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin (pre-2.12.2). The Red Hat advisory and CVE details indicate this issue stems from inadequate sanitisation/escaping of certain plugin settings, enabling Stored XSS by h...

5.9CVSS5.4AI score0.0031EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologiesadded 2024/07/30 12:0 a.m.5 views

PT-2024-23793 · WordPress · Formflow: Whatsapp Social/Advanced Form Builder With Easy Lead Collection

Name of the Vulnerable Software and Affected Versions: The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin versions prior to 2.12.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, ev...

5.9CVSS5.7AI score0.0031EPSS
Exploits1References4
Rows per page
Query Builder