CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

OSV•added 2024/06/14 6:15 a.m.•4 views

CVE-2024-4005

The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00419EPSS

Exploits2References1

OSV•added 2024/06/14 6:15 a.m.•3 views

CVE-2024-3977

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00294EPSS

Exploits2References1

NVD•added 2024/06/14 6:15 a.m.•36 views

CVE-2024-3992

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00374EPSS

Exploits2References1

OSV•added 2024/06/14 6:15 a.m.•1 views

CVE-2024-3754

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7CVSS5.8AI score

Exploits0References1

OSV•added 2024/06/14 6:15 a.m.•3 views

CVE-2024-2218

The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.6CVSS5.8AI score0.00342EPSS

Exploits2References1

NVD•added 2024/06/14 6:15 a.m.•34 views

CVE-2024-3754

4.7CVSS0.00359EPSS

Exploits2References1

CVE•added 2024/06/14 6:0 a.m.•64 views

CVE-2024-4005

CVE-2024-4005 : The Social Pixel WordPress plugin (versions up to 2.1) fails to sanitise/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Exploitation details are not provided in these documents beyond ...

5.4CVSS4.9AI score0.00419EPSS

Exploits2References1Affected Software1

Cvelist•added 2024/06/14 6:0 a.m.•33 views

CVE-2024-4005 Social Pixel <= 2.1 - Admin+ Stored XSS

0.00419EPSS

Exploits2References1

Vulnrichment•added 2024/06/14 6:0 a.m.•14 views

CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

4.7AI score0.00294EPSS

Exploits2References1

Cvelist•added 2024/06/14 6:0 a.m.•34 views

CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

0.00294EPSS

Exploits2References1

Vulnrichment•added 2024/06/14 6:0 a.m.•23 views

CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

5.7AI score0.00359EPSS

Exploits2References1

Cvelist•added 2024/06/14 6:0 a.m.•29 views

CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

0.00359EPSS

Exploits2References1

Vulnrichment•added 2024/06/14 6:0 a.m.•23 views

CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

5.8AI score0.00342EPSS

Exploits2References1

CVE•added 2024/06/14 6:0 a.m.•90 views

CVE-2024-2218

The CVE-2024-2218 issue affects the LuckyWP Table of Contents WordPress plugin up to version 2.1.4, where settings sanitization/escaping is insufficient, enabling admin-level Stored XSS in multisite or when unfiltered_html is disabled. Root cause: inadequate input sanitization/escapes in certain ...

4.6CVSS4.3AI score0.00342EPSS

Exploits2References1Affected Software1

Cvelist•added 2024/06/14 6:0 a.m.•39 views

CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

0.00342EPSS

Exploits2References1

Positive Technologies•added 2024/06/14 12:0 a.m.•4 views

PT-2024-28767 · WordPress · Social Pixel

Name of the Vulnerable Software and Affected Versions: The Social Pixel WordPress plugin versions through 2.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...

5.4CVSS5.7AI score0.00419EPSS

Exploits2References6

Positive Technologies•added 2024/06/14 12:0 a.m.•4 views

PT-2024-28666 · WordPress · Wordpress Jitsi Shortcode

Name of the Vulnerable Software and Affected Versions: WordPress Jitsi Shortcode WordPress plugin versions 0.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, fo...

5.1CVSS5.7AI score0.00294EPSS

Exploits2References5

OSV•added 2024/06/13 6:15 a.m.•2 views

CVE-2024-4149

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac...

4.8CVSS5.8AI score

Exploits0References1

OSV•added 2024/06/13 6:15 a.m.•0 views

CVE-2024-4145

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network...

7.2CVSS5.8AI score0.00444EPSS

Exploits2References1

Vulnrichment•added 2024/06/13 6:0 a.m.•17 views

CVE-2024-4149 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

5.7AI score0.00426EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by