CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3797 matches found

Patchstack•added 2024/11/23 1:1 p.m.•2 views

WordPress April's Call Posts plugin <= 2.1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin April's Call Posts versions = 2.1.1...

7.1CVSS6.2AI score0.00114EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/23 12:57 p.m.•2 views

WordPress Blizzard Quotes plugin <= 1.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Blizzard Quotes versions = 1.3...

7.1CVSS5.9AI score0.00114EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/23 12:0 a.m.•10 views

WordPress Blizzard Quotes Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Blizzard Quotes Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53729 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed471ac7b5ce Credits SOPROBRO Required...

6.9AI score0.00114EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/11/22 4:45 p.m.•2 views

WordPress RealtyCandy IDX Broker Extended plugin <= 1.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin RealtyCandy IDX Broker Extended versions = 1.5.1...

7.1CVSS5.9AI score0.00062EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 4:41 p.m.•2 views

WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

CSRF to Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Post Hits Counter versions = 2.8.23...

7.1CVSS6.1AI score0.00062EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 4:33 p.m.•1 views

WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Google Plus Share and +1 Button versions = 1.0...

7.1CVSS5.9AI score0.00062EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 4:9 p.m.•2 views

WordPress Advanced Event Manager plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Advanced Event Manager versions = 1.1.6...

6.5CVSS6.1AI score0.00089EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 3:44 p.m.•2 views

WordPress Silverlight Video Player plugin <= 1.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Silverlight Video Player versions = 1.0...

7.1CVSS6.2AI score0.00065EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 3:39 p.m.•2 views

WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Kevin's versions = 2.0.0...

7.1CVSS6.2AI score0.00062EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 3:37 p.m.•1 views

WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Hotlink2Watermark versions = 0.3.2...

7.1CVSS6.2AI score0.00062EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 2:1 p.m.•1 views

WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin AI Quiz versions = 1.1...

5.3CVSS7AI score0.00087EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/22 12:0 a.m.•11 views

WordPress Kevin's Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Kevin's Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53712 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 3dc43c4ca7f8 Credits SOPROBRO Required privilege...

7AI score0.00062EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/11/21 12:0 a.m.•9 views

WordPress Ditty Plugin < 3.1.47 is vulnerable to Cross Site Scripting (XSS)

Software Ditty Type Plugin Vulnerable versions 3.1.47 Fixed in 3.1.47 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9600 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 83e7fc159d60 Credits Dmitrii Ignatyev Required privileg...

4.8CVSS6AI score0.0017EPSS

Exploits1References4Affected Software1

Patchstack•added 2024/11/20 9:51 a.m.•2 views

WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SP Blog Designer versions = 1.0.0...

7.5CVSS7AI score0.0035EPSS

Exploits1Affected Software1

Patchstack•added 2024/11/20 9:49 a.m.•3 views

WordPress Shopready plugin <= 3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Shopready versions = 3.6...

7.5CVSS7AI score0.01128EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/20 9:31 a.m.•1 views

WordPress Sticky Social Icons plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin Sticky Social Icons versions = 1.2.1...

5.9CVSS5.8AI score0.00068EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/20 8:53 a.m.•2 views

WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme Grip versions = 1.0.9...

7AI score

Exploits0Affected Software1

Patchstack•added 2024/11/20 12:0 a.m.•8 views

WordPress AccessPress Staple Theme <= 1.9.1 is vulnerable to Arbitrary File Upload

Software AccessPress Staple Type Theme Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52488 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 613a651ca664 Credits Mika Required privilege Subscriber...

6.6AI score

Exploits0References1Affected Software1

Patchstack•added 2024/11/19 2:16 p.m.•2 views

WordPress Ortto plugin <= 1.0.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Ortto versions = 1.0.19...

7.1CVSS6.1AI score0.00089EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/19 1:15 p.m.•2 views

WordPress Jobify theme < 4.3.0 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jobify versions 4.3.0...

7.5CVSS7AI score0.00386EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by