CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

OSV•added 2024/07/29 6:15 a.m.•1 views

CVE-2024-6487

The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.0042EPSS

Exploits1References1

Vulnrichment•added 2024/07/29 6:0 a.m.•18 views

CVE-2024-6487 Inline Related Posts < 3.8.0 - Admin+ Stored XSS

5.8AI score0.0042EPSS

Exploits1References1

Cvelist•added 2024/07/29 6:0 a.m.•30 views

CVE-2024-6487 Inline Related Posts < 3.8.0 - Admin+ Stored XSS

0.0042EPSS

Exploits1References1

Positive Technologies•added 2024/07/27 12:0 a.m.•2 views

PT-2024-37784 · WordPress · Paritypress – Parity Pricing With Discount Rules

Name of the Vulnerable Software and Affected Versions: The ParityPress – Parity Pricing with Discount Rules plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the...

5.5CVSS5.9AI score0.00334EPSS

Exploits0References5

OSV•added 2024/07/24 6:15 a.m.•3 views

CVE-2024-6094

The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

Cvelist•added 2024/07/24 6:0 a.m.•39 views

CVE-2024-6094 WP ULike < 4.7.1 - Admin+ Stored XSS

0.00378EPSS

Exploits1References1

OSV•added 2024/07/23 6:15 a.m.•1 views

CVE-2024-6231

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00348EPSS

Exploits1References1

OSV•added 2024/07/22 6:15 a.m.•2 views

CVE-2024-5529

The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00331EPSS

Exploits1References1

Vulnrichment•added 2024/07/22 6:0 a.m.•20 views

CVE-2024-5529 WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS

5.7AI score0.00331EPSS

Exploits1References1

Cvelist•added 2024/07/22 6:0 a.m.•32 views

CVE-2024-5529 WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS

0.00331EPSS

Exploits1References1

NVD•added 2024/07/20 8:15 a.m.•12 views

CVE-2024-38673

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Obtain Infotech Multisite Content Copier/Updater allows Reflected XSS.This issue affects Multisite Content Copier/Updater: from n/a through 1.5.0...

7.1CVSS0.00334EPSS

Exploits0References1

Cvelist•added 2024/07/20 7:55 a.m.•16 views

CVE-2024-38673 WordPress Multisite Content Copier/Updater plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00334EPSS

Exploits0References1

Vulnrichment•added 2024/07/20 7:55 a.m.•11 views

CVE-2024-38673 WordPress Multisite Content Copier/Updater plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS7AI score0.00334EPSS

Exploits0References1

CVE•added 2024/07/20 7:55 a.m.•37 views

CVE-2024-38673

CVE-2024-38673 concerns the WordPress plugin “Multisite Content Copier/Updater.” The connected records describe an Reflect ed XSS due to Improper Neutralization of Input During Web Page Generation. Affected versions are indicated as “from n/a through 1.5.0.” The CVSS metrics shown (base score 7.1...

7.1CVSS7AI score0.00334EPSS

Exploits0References1

OSV•added 2024/07/19 6:15 a.m.•3 views

CVE-2024-5604

The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00348EPSS

Exploits1References1

Vulnrichment•added 2024/07/19 6:0 a.m.•13 views

CVE-2024-5604 Bug Library < 2.1.2 - Admin+ Stored XSS

5.4AI score0.00348EPSS

Exploits1References1

Cvelist•added 2024/07/19 6:0 a.m.•27 views

CVE-2024-5604 Bug Library < 2.1.2 - Admin+ Stored XSS

0.00348EPSS

Exploits1References1

OSV•added 2024/07/18 7:42 a.m.•15 views

BIT-WORDPRESS-2024-3755

The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5AI score0.00425EPSS

Exploits2References1

OSV•added 2024/07/18 7:41 a.m.•8 views

BIT-WORDPRESS-MULTISITE-2024-35655

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Brave Brave Popup Builder allows Stored XSS.This issue affects Brave Popup Builder: from n/a through 0.6.9...

5.9CVSS5.2AI score0.00279EPSS

Exploits0References1

OSV•added 2024/07/17 7:15 a.m.•3 views

CVE-2024-6669

The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by