CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1413 matches found

Vulnrichment•added 2025/01/08 6:0 a.m.•7 views

CVE-2024-10151 Auto iFrame < 2.0 - Contributor+ XSS via Shortcode

The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9AI score0.00286EPSS

Exploits1References1

CNNVD•added 2025/01/08 12:0 a.m.•3 views

WordPress plugin Auto iFrame 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS7.8AI score0.00286EPSS

Exploits1References2

Positive Technologies•added 2025/01/08 12:0 a.m.•4 views

PT-2025-1578 · WordPress · Auto Iframe

Name of the Vulnerable Software and Affected Versions: Auto iFrame WordPress plugin versions prior to 2.0 Description: The issue concerns the Auto iFrame WordPress plugin, where versions prior to 2.0 do not validate and escape some of its shortcode attributes before outputting them back in a page...

5.4CVSS8.2AI score0.00286EPSS

Exploits1References7

NVD•added 2025/01/07 6:15 a.m.•13 views

CVE-2024-11606

The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3CVSS0.00473EPSS

Exploits1References1

OSV•added 2024/12/27 6:15 a.m.•2 views

CVE-2024-11644

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9CVSS7.3AI score

Exploits0References1

NVD•added 2024/12/27 6:15 a.m.•11 views

CVE-2024-11644

5.9CVSS0.00333EPSS

Exploits1References1

Vulnrichment•added 2024/12/27 6:0 a.m.•12 views

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

5.5AI score0.00333EPSS

Exploits1References1

Cvelist•added 2024/12/27 6:0 a.m.•18 views

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

0.00333EPSS

Exploits1References1

CVE•added 2024/12/27 6:0 a.m.•57 views

CVE-2024-11644

The CVE-2024-11644 entry concerns the WP-SVG WordPress plugin (versions

5.9CVSS5.6AI score0.00333EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2024/12/27 12:0 a.m.•5 views

PT-2024-17152 · WordPress · Wp-Svg

Name of the Vulnerable Software and Affected Versions: WP-SVG WordPress plugin versions 0.9 and prior Description: The issue concerns the WP-SVG WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is...

5.9CVSS8.3AI score0.00333EPSS

Exploits1References10

NVD•added 2024/12/20 6:15 a.m.•17 views

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00315EPSS

Exploits1References1

OSV•added 2024/12/20 6:15 a.m.•2 views

CVE-2024-11108

5.4CVSS5.8AI score0.00315EPSS

Exploits1References1

Vulnrichment•added 2024/12/20 6:0 a.m.•11 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

5.9AI score0.00315EPSS

Exploits1References1

Cvelist•added 2024/12/20 6:0 a.m.•20 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

0.00315EPSS

Exploits1References1

Positive Technologies•added 2024/12/20 12:0 a.m.•4 views

PT-2024-17249 · WordPress · Particle Background

Name of the Vulnerable Software and Affected Versions: Particle Background plugin for WordPress versions up to, and including, 1.0.2 Description: The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode due to insufficie...

6.4CVSS7.8AI score0.00331EPSS

Exploits0References8

OSV•added 2024/12/16 6:15 a.m.•2 views

CVE-2024-11841

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS7.3AI score0.00291EPSS

Exploits1References1

NVD•added 2024/12/16 6:15 a.m.•15 views

CVE-2024-11841

5.4CVSS0.00291EPSS

Exploits1References1

CVE•added 2024/12/16 6:0 a.m.•48 views

CVE-2024-11841

The CVE CVE-2024-11841 concerns the Tithe.ly Giving Button WordPress plugin (version up to 1.1) where shortcode attributes are not properly escaped/validated before output. This can enable Stored Cross-Site Scripting (XSS) attacks when a page or post embeds the shortcode and an attacker with Cont...

5.4CVSS5.6AI score0.00291EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/12/16 6:0 a.m.•19 views

CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode

0.00291EPSS

Exploits1References1

Vulnrichment•added 2024/12/16 6:0 a.m.•8 views

CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode

5.9AI score0.00291EPSS

Exploits1References1

Rows per page