CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

Cvelist•added 2024/07/13 6:0 a.m.•30 views

CVE-2024-4752 EventON < 2.2.15 - Admin+ Stored Cross-Site Scripting via event subtitle

The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00376EPSS

Exploits1References1

Vulnrichment•added 2024/07/13 6:0 a.m.•11 views

CVE-2024-4752 EventON < 2.2.15 - Admin+ Stored Cross-Site Scripting via event subtitle

5.7AI score0.00376EPSS

Exploits1References1

CVE•added 2024/07/13 6:0 a.m.•48 views

CVE-2024-3964

The CVE concerns the WordPress plugin Product Enquiry for WooCommerce, affected in versions prior to 3.1.8. The root cause is that the plugin does not sanitize and escape certain settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., administrators), even when ...

5.9CVSS5.2AI score0.00449EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/07/13 6:0 a.m.•10 views

CVE-2024-3751 Seriously Simple Podcasting < 3.3.0 - Admin+ Stored XSS

The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00429EPSS

Exploits1References1

Cvelist•added 2024/07/13 6:0 a.m.•26 views

CVE-2024-3751 Seriously Simple Podcasting < 3.3.0 - Admin+ Stored XSS

0.00429EPSS

Exploits1References1

Positive Technologies•added 2024/07/13 12:0 a.m.•3 views

PT-2024-36407 · WordPress · Wp Quicklatex

Name of the Vulnerable Software and Affected Versions: WP QuickLaTeX WordPress plugin versions prior to 3.8.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...

7.1CVSS6AI score0.00407EPSS

Exploits1References4

OSV•added 2024/07/12 6:15 a.m.•2 views

CVE-2024-4753

The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0033EPSS

Exploits1References1

OSV•added 2024/07/12 6:15 a.m.•1 views

CVE-2024-5811

The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.8AI score0.00335EPSS

Exploits1References1

NVD•added 2024/07/12 6:15 a.m.•24 views

CVE-2024-5811

6.1CVSS0.00335EPSS

Exploits1References1

OSV•added 2024/07/12 6:15 a.m.•2 views

CVE-2024-3112

The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...

4.8CVSS5.9AI score

Exploits0References1

NVD•added 2024/07/12 6:15 a.m.•19 views

CVE-2024-3112

4.9CVSS0.00414EPSS

Exploits1References1

OSV•added 2024/07/12 6:15 a.m.•3 views

CVE-2024-0974

The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0033EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 6:0 a.m.•13 views

CVE-2024-5811 Simple Video Directory < 1.4.4 - Contributor+ Stored XSS

5.8AI score0.00335EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 6:0 a.m.•13 views

CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00373EPSS

Exploits1References1

Cvelist•added 2024/07/12 6:0 a.m.•19 views

CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings

0.00373EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 6:0 a.m.•10 views

CVE-2024-3112 Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload

6.8AI score0.00414EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 6:0 a.m.•12 views

CVE-2024-4753 WP Secure Maintenance < 1.7 - Admin+ Stored XSS

5.6AI score0.0033EPSS

Exploits1References1

Cvelist•added 2024/07/12 6:0 a.m.•23 views

CVE-2024-3112 Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload

0.00414EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 6:0 a.m.•15 views

CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS

5.7AI score0.0033EPSS

Exploits1References1

Positive Technologies•added 2024/07/12 12:0 a.m.•3 views

PT-2024-23788 · Bestwebsoft · The Quotes/Tips By Bestwebsoft Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Quotes and Tips by BestWebSoft WordPress plugin versions prior to 1.45 Description: The issue concerns the improper validation of image files uploaded by high privilege users, such as admins, allowing them to upload arbitrary files on the...

4.9CVSS7.1AI score0.00414EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by