
221343 matches found

Nuclei | added yesterday | 14 views

WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting

WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page. id: CVE-2022-0148 info: name: WordPress All-in-one Floating Contact Form 2.0.4 - Cross-Site...

CVSS 5.4 | AI score 5.7 | EPSS 0.087
Exploits: 2 | References: 5

Nuclei | added yesterday | 7 views

LifterLMS < 8.0.1 - Cross-Site Scripting

LifterLMS WordPress plugin before 8.0.1 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin via a crafted request. id: CVE-2024-13619 info: name: LifterLMS 8.0.1 - Cross-Site Scripting author:...

CVSS 6.1 | AI score 5.5 | EPSS 0.00168
Exploits: 1 | References: 3

Nuclei | added yesterday | 6 views

EKC Tournament Manager WordPress plugin - Path Traversal

EKC Tournament Manager WordPress plugin 2.2.2 contains a path traversal caused by insufficient validation, letting logged in admin users download system files outside the WordPress directory. id: CVE-2024-9765 info: name: EKC Tournament Manager WordPress plugin - Path Traversal author: Sourabh-Sa...

CVSS 6.5 | AI score 5.4 | EPSS 0.04608
Exploits: 1 | References: 1

Nuclei | added yesterday | 8 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

CVSS 6.1 | AI score 7.6 | EPSS 0.02302
Exploits: 1 | References: 2

Nuclei | added yesterday | 8 views

AffiliateImporterEb <= 1.0.6 - Reflected XSS

AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...

CVSS 6.1 | AI score 5.5 | EPSS 0.00199
Exploits: 1 | References: 1

Nuclei | added yesterday | 10 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks and read arbitrary files on the server. id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

CVSS 4.9 | AI score 7.9 | EPSS 0.08496
Exploits: 1 | References: 3

Nuclei | added yesterday | 10 views

Zarinpal Paid Download - Reflected XSS

Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...

CVSS 6.1 | AI score 7.6 | EPSS 0.01706
Exploits: 1 | References: 2

Nuclei | added yesterday | 27 views

WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.6.0. This makes it possible for...

CVSS 9.8 | AI score 8.8 | EPSS 0.41027
Exploits: 1 | References: 3

Nuclei | added yesterday | 12 views

WP Triggers Lite - Cross-Site Scripting

WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

CVSS 7.1 | AI score 7.6 | EPSS 0.02641
Exploits: 1 | References: 2

Nuclei | added yesterday | 5 views

WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads = 3.2.12 - SQL Injecti...

CVSS 9.8 | AI score 5.6 | EPSS 0.57928
Exploits: 0 | References: 3

Nuclei | added yesterday | 30 views

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0250...

CVSS 6.1 | AI score 5.5 | EPSS 0.21157
Exploits: 2 | References: 3

Nuclei | added yesterday | 20 views

Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection

The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...

CVSS 7.5 | AI score 7.1 | EPSS 0.27276
Exploits: 1 | References: 2

Nuclei | added yesterday | 12 views

Shortcode Ninja <= 1.4 - Cross-Site Scripting

A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. id: CVE-2014-4550 info: name: Shortcode Ninja = 1.4 - Cross-Site Scripting...

CVSS 6.1 | AI score 6.3 | EPSS 0.02712
Exploits: 2 | References: 3

Nuclei | added yesterday | 20 views

WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter. id: CVE-2014-4577 info: name: WP AmASIN – The Amazon Affiliate Shop -...

CVSS 5 | AI score 8 | EPSS 0.01825
Exploits: 1 | References: 3

Nuclei | added yesterday | 16 views

WordPress Spreadsheet - Cross-Site Scripting

WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php. id: CVE-2013-6281 info: name: WordPress Spreadsheet - Cross-Site Scripting author: random-robbie severity: medium description: | WordPress Spreadsheet plugin contai...

CVSS 4.3 | AI score 5.2 | EPSS 0.02858
Exploits: 1 | References: 5

Nuclei | added yesterday | 17 views

Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. id: CVE-2017-18558 info: name: Testimonials by BestWebSoft 0.1.9 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS...

CVSS 6.1 | AI score 6.2 | EPSS 0.00097
Exploits: 1 | References: 4

Nuclei | added yesterday | 16 views

Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting

The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. id: CVE-2017-18562 info: name: Error Log Viewer by BestWebSoft 1.0.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS...

CVSS 6.1 | AI score 6.2 | EPSS 0.00097
Exploits: 1 | References: 4

Nuclei | added yesterday | 15 views

Visitors Online by BestWebSoft < 1.0.0 - Cross-Site Scripting

The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues. id: CVE-2017-18537 info: name: Visitors Online by BestWebSoft 1.0.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The visitors-online plugin before 1.0.0 for WordPress has multiple XSS...

CVSS 6.1 | AI score 6.3 | EPSS 0.00059
Exploits: 1 | References: 4

Nuclei | added yesterday | 19 views

Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting

The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18490 info: name: Contact Form Multi by BestWebSoft 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-multi plugin before 1.2.1 for WordPress has multip...

CVSS 6.1 | AI score 6.3 | EPSS 0.00104
Exploits: 1 | References: 4

Nuclei | added yesterday | 16 views

PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting

The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18529 info: name: PromoBar by BestWebSoft 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. impact: |...

CVSS 6.1 | AI score 6.2 | EPSS 0.00059
Exploits: 1 | References: 4