CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

OSV•added 2024/10/08 6:15 a.m.•3 views

CVE-2024-8983

Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00397EPSS

Exploits1References1

OSV•added 2024/10/04 7:15 a.m.•1 views

CVE-2024-9306

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.7AI score

Exploits0References2

Positive Technologies•added 2024/10/03 12:0 a.m.•8 views

PT-2024-39560 · WordPress · Wp Booking Calendar

Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.8CVSS6AI score0.00296EPSS

Exploits0References9

OSV•added 2024/09/30 6:15 a.m.•4 views

CVE-2024-8283

The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00365EPSS

Exploits1References1

OSV•added 2024/09/30 6:15 a.m.•3 views

CVE-2024-3635

The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00286EPSS

Exploits1References1

Vulnrichment•added 2024/09/30 6:0 a.m.•13 views

CVE-2024-8283 Slider by 10Web < 1.2.59 - Admin+ Stored XSS

5.4AI score0.00365EPSS

Exploits1References1

Cvelist•added 2024/09/30 6:0 a.m.•36 views

CVE-2024-3635 The Post Grid < 7.5.0 - Editor+ Stored XSS via Grid Creation

0.00286EPSS

Exploits1References1

OSV•added 2024/09/28 1:15 p.m.•4 views

CVE-2024-8189

The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmtmenuname’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score

Exploits0References4

Positive Technologies•added 2024/09/28 12:0 a.m.•6 views

PT-2024-38864 · WordPress · Wp Multitasking

Name of the Vulnerable Software and Affected Versions: WP MultiTasking – WP Utilities plugin for WordPress versions up to, and including, 0.1.17 Description: The issue is related to Stored Cross-Site Scripting via the wpmt menu name parameter due to insufficient input sanitization and output...

4.8CVSS6.2AI score0.00355EPSS

Exploits0References9

OSV•added 2024/09/25 9:15 a.m.•1 views

CVE-2024-9169

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.9AI score

Exploits0References2

CVE•added 2024/09/23 6:0 a.m.•46 views

CVE-2024-8758

CVE-2024-8758 affects the Quiz and Survey Master (QSM) WordPress plugin prior to version 9.1.3. The issue is stored XSS caused by insufficient sanitization/escaping of settings, potentially allowing high-privilege users (e.g., admins) to inject scripts even when unfiltered_html is disallowed (e.g...

4.8CVSS4.9AI score0.00363EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/09/23 6:0 a.m.•37 views

CVE-2024-8758 Quiz and Survey Master (QSM) < 9.1.3 - Author+ Stored XSS

The Quiz and Survey Master QSM WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00363EPSS

Exploits0References1

OSV•added 2024/09/17 6:15 a.m.•2 views

CVE-2024-5170

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00315EPSS

Exploits1References1

Vulnrichment•added 2024/09/17 6:0 a.m.•16 views

CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget

5.2AI score0.00315EPSS

Exploits1References1

Cvelist•added 2024/09/17 6:0 a.m.•27 views

CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget

0.00315EPSS

Exploits1References1

OSV•added 2024/09/13 6:15 a.m.•9 views

CVE-2024-6617

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score0.00347EPSS

Exploits1References1