CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

876 matches found

Positive Technologies•added 2024/11/09 12:0 a.m.•3 views

PT-2024-16426 · WordPress · Fox – Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress versions up to, and including, 1.4.2.2 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value...

7.3CVSS7.9AI score0.01233EPSS

Exploits0References9

OSV•added 2024/11/05 1:15 p.m.•0 views

CVE-2024-10263

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...

7.3CVSS6.1AI score

Exploits0References2

NVD•added 2024/11/05 1:15 p.m.•11 views

CVE-2024-10263

7.3CVSS0.0219EPSS

Exploits0References2

Vulnrichment•added 2024/11/05 12:45 p.m.•9 views

CVE-2024-10263 Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS7.4AI score0.0219EPSS

Exploits0References2

Cvelist•added 2024/11/05 12:45 p.m.•17 views

CVE-2024-10263 Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS0.0219EPSS

Exploits0References2

Patchstack•added 2024/11/05 3:51 a.m.•3 views

WordPress Tickera plugin <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Tickera versions = 3.5.4.4...

7.3CVSS7.1AI score0.0219EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/11/05 12:0 a.m.•4 views

PT-2024-16144 · WordPress · The Tickera

Name of the Vulnerable Software and Affected Versions: The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.4.4 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a...

7.3CVSS7.9AI score0.0219EPSS

Exploits0References16

OSV•added 2024/10/30 3:15 a.m.•2 views

CVE-2024-9846

The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS6.1AI score0.00778EPSS

Exploits0References3

NVD•added 2024/10/30 3:15 a.m.•13 views

CVE-2024-9846

7.3CVSS0.00778EPSS

Exploits0References3

Cvelist•added 2024/10/30 2:4 a.m.•10 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS0.00778EPSS

Exploits0References3

CVE•added 2024/10/30 2:4 a.m.•53 views

CVE-2024-9846

CVE-2024-9846: Enable Shortcodes inside Widgets,Comments and Experts (WordPress) Affected: WordPress plugin Enable Shortcodes inside Widgets,Comments and Experts (

7.3CVSS7.4AI score0.00778EPSS

Exploits0References3Affected Software1

OSV•added 2024/10/26 10:15 a.m.•1 views

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

7.3CVSS6.1AI score

Exploits0References3

Vulnrichment•added 2024/10/26 9:35 a.m.•11 views

CVE-2024-9772 Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS7.6AI score0.09043EPSS

Exploits0References3

CVE•added 2024/10/26 9:35 a.m.•57 views

CVE-2024-9772

CVE-2024-9772 concerns WordPress, specifically the UIX Shortcodes plugin (versions up to 1.9.9; some sources also cite 1.9.7). The vulnerability allows unauthenticated attackers to perform arbitrary shortcode execution by exploiting improper validation when running do_shortcode, via an action exp...

7.3CVSS7.6AI score0.09043EPSS

Exploits0References3Affected Software1

OSV•added 2024/10/16 8:15 a.m.•1 views

CVE-2024-9061

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

9.8CVSS6.1AI score

Exploits0References2

NVD•added 2024/10/16 8:15 a.m.•14 views

CVE-2024-9061

9.8CVSS0.89EPSS

Exploits1References2

GithubExploit•added 2024/10/16 7:57 a.m.•75 views

Exploit for Code Injection in Themehunk Wp_Popup_Builder

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lea...

9.8CVSS9.7AI score0.89EPSS

Exploits1

Cvelist•added 2024/10/16 7:31 a.m.•22 views

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add

7.3CVSS0.89EPSS

Exploits1References2

CVE•added 2024/10/16 7:31 a.m.•63 views

CVE-2024-9061

The CVE CVE-2024-9061 affects the WordPress plugin WP Popup Builder – Popup Forms and Marketing Lead Generation. It allows unauthenticated users to perform arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to 1.3.5, due to inadequate validation ...

9.8CVSS8.7AI score0.89EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2024/10/16 7:31 a.m.•14 views

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add

7.3CVSS7.8AI score0.89EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by