CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

Positive Technologies•added 2024/06/13 12:0 a.m.•1 views

PT-2024-29406 · WordPress · Search & Replace

Name of the Vulnerable Software and Affected Versions: Search & Replace WordPress plugin versions prior to 3.2.2 Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. This can be particularly...

7.2CVSS7.7AI score0.00444EPSS

Exploits2References5

Positive Technologies•added 2024/06/13 12:0 a.m.•4 views

PT-2024-29421 · WordPress · The Floating Chat Widget

Name of the Vulnerable Software and Affected Versions: The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin versions prior to 3.2.3 Description: The issue allows high privilege users, such as admins, to perform...

6.1CVSS5.7AI score0.00426EPSS

Exploits2References5

OSV•added 2024/06/11 3:15 a.m.•2 views

CVE-2024-0653

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.9AI score

Exploits0References2

WPVulnDB•added 2024/06/11 12:0 a.m.•14 views

EazyDocs < 2.5.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC The PoC will be displayed on June...

5.9AI score0.00397EPSS

Exploits2Affected Software1

OSV•added 2024/06/07 6:15 a.m.•1 views

CVE-2024-4621

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...

4.8CVSS5.8AI score0.00351EPSS

Exploits2References1

OSV•added 2024/06/07 6:15 a.m.•1 views

CVE-2024-4756

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.8AI score0.00333EPSS

Exploits2References1

NVD•added 2024/06/07 6:15 a.m.•18 views

CVE-2024-4756

5.4CVSS0.00333EPSS

Exploits2References1

Vulnrichment•added 2024/06/07 6:0 a.m.•21 views

CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS

5.6AI score0.00333EPSS

Exploits2References1

Cvelist•added 2024/06/07 6:0 a.m.•22 views

CVE-2024-4756 WP Backpack <= 2.1 - Admin+ Stored XSS

0.00333EPSS

Exploits2References1

CVE•added 2024/06/07 6:0 a.m.•65 views

CVE-2024-4621

CVE-2024-4621 affects ARForms – Premium WordPress Form Builder Plugin prior to version 6.6. The issue is a Stored XSS vulnerability caused by insufficient sanitisation/escaping of certain plugin settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfilte...

4.8CVSS4.9AI score0.00351EPSS

Exploits2References1Affected Software1

OSV•added 2024/06/06 2:15 a.m.•2 views

CVE-2024-4942

The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.8CVSS5.9AI score0.00265EPSS

Exploits0References2

WPVulnDB•added 2024/06/05 12:0 a.m.•11 views

Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget

5AI score0.00399EPSS

Exploits2

WPVulnDB•added 2024/06/05 12:0 a.m.•11 views

Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items

5.5AI score0.0033EPSS

Exploits2

OSV•added 2024/05/31 6:15 a.m.•2 views

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

7.5CVSS5.7AI score0.00591EPSS

Exploits2References1

NVD•added 2024/05/31 6:15 a.m.•11 views

CVE-2024-4469

7.5CVSS9.4AI score0.00591EPSS

Exploits2References1

Vulnrichment•added 2024/05/31 6:0 a.m.•10 views

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

6.6AI score0.00591EPSS

Exploits2References1

CVE•added 2024/05/31 6:0 a.m.•3220 views

CVE-2024-4469

CVE-2024-4469 affects the WP STAGING WordPress Backup Plugin (pre-3.5.0). An administrator can trigger server-side request forgery (SSRF) which may impact multisite setups. The issue is mitigated/solved by upgrading to version 3.5.0 or later (patch).

7.5CVSS6.5AI score0.00591EPSS

Exploits2References1Affected Software1

Cvelist•added 2024/05/31 6:0 a.m.•23 views

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

9.4AI score0.00591EPSS

Exploits2References1

WPVulnDB•added 2024/05/31 12:0 a.m.•16 views

Google CSE <= 1.0.7 - Admin+ Stored XSS

5.4AI score0.00255EPSS

Exploits2

WPVulnDB•added 2024/05/31 12:0 a.m.•12 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS