Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2025/05/22 7:22 p.m.5 views

CVE-2021-24494

The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the...

5.4CVSS5.4AI score0.00465EPSS
Exploits2References1
CNVD
CNVDadded 2021/07/07 12:0 a.m.24 views

WordPress WP Offload SES Lite plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP Offload SES Lite plugin prior to version 1.4.5...

5.4CVSS5.2AI score0.00465EPSS
Exploits2References1
NVD
NVDadded 2021/07/06 11:15 a.m.13 views

CVE-2021-24494

The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the...

5.4CVSS0.00465EPSS
Exploits2References1
CVE
CVEadded 2021/07/06 11:3 a.m.62 views

CVE-2021-24494

CVE-2021-24494 affects the WordPress plugin WP Offload SES Lite (before 1.4.5). The vulnerability stems from not escaping certain fields on the Activity page of the admin dashboard (e.g., email id, subject, recipient), allowing a Stored XSS when an attacker can control those fields (for example v...

5.4CVSS5.3AI score0.00465EPSS
Exploits2References1Affected Software1
CNNVD
CNNVDadded 2021/07/06 12:0 a.m.3 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP Offload SES Lite plugin prior to version 1.4.5...

5.4CVSS5.3AI score0.00465EPSS
Exploits2References2
Patchstack
Patchstackadded 2021/06/30 12:0 a.m.164 views

WordPress WP Offload SES Lite plugin <= 1.4.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ionut Morosan in WordPress WP Offload SES Lite plugin versions = 1.4.4. Solution Update the WordPress WP Offload SES Lite plugin to the latest available version at least 1.4.5...

5.4CVSS1.9AI score0.00465EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDBadded 2021/06/29 12:0 a.m.26 views

WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)

The plugin did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, like the subject when filling a contact form for exampl...

5.4CVSS1.1AI score0.00465EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder