CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3481 matches found

OSV•added 2024/08/06 10:13 a.m.•11 views

BIT-WORDPRESS-MULTISITE-2024-3992

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.6AI score0.00374EPSS

Exploits2References1

OSV•added 2024/08/05 6:16 a.m.•3 views

CVE-2024-3636

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.8AI score0.00348EPSS

Exploits1References1

OSV•added 2024/08/05 6:16 a.m.•1 views

CVE-2024-6270

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00333EPSS

Exploits1References1

NVD•added 2024/08/05 6:16 a.m.•21 views

CVE-2024-3636

5.4CVSS0.00348EPSS

Exploits1References1

Vulnrichment•added 2024/08/05 6:0 a.m.•18 views

CVE-2024-6270 Community Events < 1.5.1 - Admin+ Stored XSS

5.4AI score0.00333EPSS

Exploits1References1

CVE•added 2024/08/05 6:0 a.m.•29 views

CVE-2024-6270

CVE-2024-6270 affects the WordPress plugin Community Events prior to 1.5.1. The issue is a Stored XSS vulnerability caused by insufficient sanitization and escaping of certain plugin settings. This can allow high-privilege users (e.g., administrators) to inject XSS even when unfiltered_html is di...

4.8CVSS5.4AI score0.00333EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/08/05 6:0 a.m.•31 views

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

0.00348EPSS

Exploits1References1

Positive Technologies•added 2024/08/03 12:0 a.m.•4 views

PT-2024-38240 · WordPress · Jetformbuilder

Name of the Vulnerable Software and Affected Versions: JetFormBuilder plugin for WordPress versions up to, and including, 3.3.4.1 Description: The issue is related to improper restriction on user meta fields, allowing authenticated attackers with administrator-level and above permissions to...

7.2CVSS7.3AI score0.00525EPSS

Exploits0References6

OSV•added 2024/08/01 6:15 a.m.•3 views

CVE-2024-2872

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2024/08/01 6:0 a.m.•7 views

CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS

4.7AI score0.00312EPSS

Exploits1References1

Cvelist•added 2024/08/01 6:0 a.m.•31 views

CVE-2024-2872 Swift Framework < 2024.04.30 - Contributor+ Stored XSS

0.00312EPSS

Exploits1References1

CVE•added 2024/08/01 6:0 a.m.•41 views

CVE-2024-2872

The CVE-2024-2872 entry concerns the socialdriver-framework WordPress plugin, affected versions prior to 2024.04.30. The root cause is inadequate sanitisation and escaping of certain settings, enabling stored XSS by high-privilege users (e.g., Contributors), even when unfiltered_html is disallowe...

4.8CVSS5.7AI score0.00312EPSS

Exploits1References1Affected Software1

OSV•added 2024/07/31 6:15 a.m.•2 views

CVE-2024-6165

The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00351EPSS

Exploits1References1

OSV•added 2024/07/30 6:15 a.m.•3 views

CVE-2024-6536

The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2024/07/30 6:15 a.m.•2 views

CVE-2024-3113

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

5.9CVSS5.8AI score0.0031EPSS

Exploits1References1

OSV•added 2024/07/30 6:15 a.m.•2 views

CVE-2024-5807

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

7.2CVSS6AI score0.00645EPSS

Exploits1References1

OSV•added 2024/07/30 6:15 a.m.•2 views

CVE-2024-3986

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00392EPSS

Exploits1References1

NVD•added 2024/07/30 6:15 a.m.•18 views

CVE-2024-5807

7.2CVSS0.00645EPSS

Exploits1References1

Vulnrichment•added 2024/07/30 6:0 a.m.•14 views

CVE-2024-6536 Zephyr Project Manager < 3.3.99 - Editor+ XSS

5.7AI score0.0072EPSS

Exploits2References1

Vulnrichment•added 2024/07/30 6:0 a.m.•18 views

CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload