8962 matches found

Positive Technologies
added 2024/09/27 12:0 a.m. · 2 views

PT-2024-39356 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0
Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm map and osm map v3 shortcodes due to insufficient input sanitization and outpu...

CVSS 6.4 · AI score 6.2 · EPSS 0.00378
Exploits 0 · References 13

OSV
added 2024/09/25 3:15 a.m. · 2 views

CVE-2024-9028

The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 6 · EPSS 0.00343
Exploits 0 · References 4

OSV
added 2024/09/25 3:15 a.m. · 2 views

CVE-2024-9024

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 6
Exploits 0 · References 4

OSV
added 2024/09/25 3:15 a.m. · 2 views

CVE-2024-9027

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 6 · EPSS 0.00333
Exploits 0 · References 3

Cvelist
added 2024/09/25 2:5 a.m. · 14 views

CVE-2024-9024 Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · EPSS 0.00382
Exploits 0 · References 4

Vulnrichment
added 2024/09/25 2:5 a.m. · 13 views

CVE-2024-9028 WP GPX Maps <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode

The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · AI score 5.8 · EPSS 0.00343
Exploits 0 · References 5

Vulnrichment
added 2024/09/25 2:5 a.m. · 13 views

CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution

The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for...

CVSS 7.3 · AI score 7.7 · EPSS 0.00623
Exploits 0 · References 2

CVE
added 2024/09/25 2:5 a.m. · 47 views

CVE-2024-8481

CVE-2024-8481 affects the WordPress plugin Special Text Boxes up to 6.2.2 due to the filter add_filter('comment_text','do_shortcode') allowing unauthenticated arbitrary shortcode execution in comments. A patch exists; upgrade to 6.2.4 or later to remediate.

CVSS 7.3 · AI score 6.2 · EPSS 0.00623
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/09/25 2:5 a.m. · 39 views

CVE-2024-8481 Special Text Boxes <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution

The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for...

CVSS 7.3 · EPSS 0.00623
Exploits 0 · References 3

OSV
added 2024/09/25 1:15 a.m. · 1 view

CVE-2024-8919

The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2

Positive Technologies
added 2024/09/25 12:0 a.m. · 2 views

PT-2024-39371 · Wpzoom · Wpzoom Shortcodes

Name of the Vulnerable Software and Affected Versions: WPZOOM Shortcodes plugin for WordPress versions up to, and including, 1.0.5
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.2 · EPSS 0.00333
Exploits 0 · References 8

Positive Technologies
added 2024/09/25 12:0 a.m. · 3 views

PT-2024-39372 · WordPress · Wp Gpx Map

Name of the Vulnerable Software and Affected Versions: WP GPX Maps plugin for WordPress versions up to, and including, 1.7.08
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.2 · EPSS 0.00343
Exploits 0 · References 9

Patchstack
added 2024/09/24 1:4 p.m. · 3 views

WordPress WP GPX Maps plugin <= 1.7.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via sgpx Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP GPX Map versions <= 1.7.08...

CVSS 6.4 · AI score 5.8 · EPSS 0.00343
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/09/24 1:1 p.m. · 2 views

WordPress Material Design Icons plugin <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Material Design Icons versions <= 0.0.5...

CVSS 6.4 · AI score 5.8 · EPSS 0.00382
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/09/24 12:55 p.m. · 2 views

WordPress Special Text Boxes plugin <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Special Text Boxes versions <= 6.2.4...

CVSS 7.3 · AI score 7.1 · EPSS 0.00623
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/09/24 12:48 p.m. · 2 views

WordPress WPZOOM Shortcodes plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WPZOOM Shortcodes versions <= 1.0.5...

CVSS 6.4 · AI score 5.8 · EPSS 0.00333
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/09/24 3:15 a.m. · 2 views

CVE-2024-8628

The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping o...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2

OSV
added 2024/09/24 3:15 a.m. · 2 views

CVE-2024-8624

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'metakey' attribute of the 'mdfselecttitle' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...

CVSS 9.9 · AI score 5.8
Exploits 0 · References 2

OSV
added 2024/09/24 3:15 a.m. · 3 views

CVE-2024-8623

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Thi...

CVSS 7.3 · AI score 6.1 · EPSS 0.00622
Exploits 0 · References 3

NVD
added 2024/09/24 3:15 a.m. · 24 views

CVE-2024-8623

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Thi...

CVSS 7.3 · EPSS 0.00622
Exploits 0 · References 3