CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8972 matches found

Positive Technologies•added 2025/01/30 12:0 a.m.•3 views

PT-2025-3701 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions prior to 3.25.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, a...

6.5CVSS9.3AI score0.00284EPSS

Exploits0References7

Positive Technologies•added 2025/01/30 12:0 a.m.•2 views

PT-2025-2143 · WordPress · Alex Reservations

Name of the Vulnerable Software and Affected Versions: Alex Reservations: Smart Restaurant Booking plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rr form' shortcode due to insufficient input sanitization...

6.4CVSS7.9AI score0.00309EPSS

Exploits0References7

Positive Technologies•added 2025/01/30 12:0 a.m.•2 views

PT-2025-2127 · WordPress · Stockdio Historical Chart

Name of the Vulnerable Software and Affected Versions: Stockdio Historical Chart plugin for WordPress versions up to, and including, 2.8.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode due to insufficient input sanitizatio...

6.4CVSS8.1AI score0.00284EPSS

Exploits0References8

Positive Technologies•added 2025/01/30 12:0 a.m.•3 views

PT-2025-2186 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.24 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcode due to insufficient input...

6.4CVSS7.9AI score0.00284EPSS

Exploits0References12

Positive Technologies•added 2025/01/30 12:0 a.m.•2 views

PT-2025-1980 · WordPress · Ethereumico

Name of the Vulnerable Software and Affected Versions: EthereumICO plugin for WordPress versions up to, and including, 2.4.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.00224EPSS

Exploits0References6

Positive Technologies•added 2025/01/30 12:0 a.m.•5 views

PT-2025-1853 · WordPress · Html5 Chat Plugin

Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...

6.4CVSS8AI score0.00254EPSS

Exploits0References7

Positive Technologies•added 2025/01/30 12:0 a.m.•3 views

PT-2025-2228 · WordPress · Wordpress Survey & Poll

Name of the Vulnerable Software and Affected Versions: WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to and including 1.7.5 Description: The issue allows authenticated attackers with Contributor-level access and above to inject SQL queries via the id attribute o...

6.5CVSS9.5AI score0.00321EPSS

Exploits0References5

Vulnrichment•added 2025/01/29 11:10 a.m.•3 views

CVE-2024-13561 Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode

The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bridoverrideyt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS7.4AI score0.00288EPSS

Exploits0References4

Positive Technologies•added 2025/01/29 12:0 a.m.•2 views

PT-2025-2218 · WordPress · Target Video Easy Publish

Name of the Vulnerable Software and Affected Versions: Target Video Easy Publish plugin for WordPress versions up to, and including, 3.8.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's brid override yt shortcode due to insufficient input sanitization and output...

6.4CVSS8AI score0.00288EPSS

Exploits0References9

Patchstack•added 2025/01/28 10:41 a.m.•4 views

WordPress Philantro plugin <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via donate Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Philantro versions = 5.3...

6.4CVSS5.8AI score0.00203EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/01/28 12:0 a.m.•2 views

PT-2025-2207 · WordPress · The Philantro – Donations/Donor Management

Name of the Vulnerable Software and Affected Versions: The Philantro – Donations and Donor Management plugin for WordPress versions up to, and including, 5.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes, such as donate, due to insufficient input...

6.4CVSS8.1AI score0.00203EPSS

Exploits0References8

Patchstack•added 2025/01/27 7:46 a.m.•4 views

WordPress ThemeREX Addons plugin <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeREX Addons versions = 2.33.0...

8.8CVSS7AI score0.00606EPSS

Exploits0References1Affected Software1

NVD•added 2025/01/26 6:15 a.m.•7 views

CVE-2024-10633

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...

7.3CVSS0.00503EPSS

Exploits0References3

Cvelist•added 2025/01/26 5:24 a.m.•14 views

CVE-2024-10633 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content

7.3CVSS0.00503EPSS

Exploits0References3

Vulnrichment•added 2025/01/26 5:24 a.m.•6 views

CVE-2024-10633 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content

7.3CVSS8AI score0.00503EPSS

Exploits0References3

CVE•added 2025/01/26 5:24 a.m.•52 views

CVE-2024-10633

CVE-2024-10633 affects the Quiz Maker Business, Developer, and Agency WordPress plugins. The vulnerability arises from improper validation before do_shortcode, enabling unauthenticated users to execute arbitrary shortcodes. Impact is characterized as arbitrary shortcode execution with network-acc...

7.3CVSS7.4AI score0.00503EPSS

Exploits0References3

CNNVD•added 2025/01/26 12:0 a.m.•1 views

WordPress plugin Quiz Maker Business, Developer, and Agency 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.3CVSS8.6AI score0.00503EPSS

Exploits0References3

OSV•added 2025/01/25 8:15 a.m.•2 views

CVE-2024-13586

The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7.4AI score0.00216EPSS

Exploits0References2

OSV•added 2025/01/25 8:15 a.m.•2 views

CVE-2024-13551

The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS7.4AI score0.00292EPSS

Exploits1References2

OSV•added 2025/01/25 8:15 a.m.•2 views

CVE-2024-13458

The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user...

5.4CVSS7.4AI score0.00216EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by