CVE-2024-3978
CVE-2024-3978 concerns the WordPress Jitsi Shortcode plugin (version 0.1 and earlier). The plugin does not validate or escape certain shortcode attributes, allowing stored XSS when the shortcode is embedded in a page/post by users with Contributor+ privileges. The vulnerability impact is described as S...
CVE-2024-3978 WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS
The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Restaurant Menu and Food Ordering < 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied...
WordPress plugin WordPress Jitsi Shortcode Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-28666 · WordPress · WordPress Jitsi Shortcode
Name of the Vulnerable Software and Affected Versions: WordPress Jitsi Shortcode WordPress plugin versions 0.1 and earlier. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, fo...
PT-2024-26249 · WordPress · The Events Manager
Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event category...
PT-2024-35406 · WordPress · Download Manager Pro
Name of the Vulnerable Software and Affected Versions: Download Manager Pro plugin for WordPress versions up to, and including, 3.2.92 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in certain shortcodes, including wpdm user...
CVE-2023-6745
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...
CVE-2024-4703
The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's onepageexpresscontactform shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-4451
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibrivideoplayer shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Colibri Page Builder plugin <= 1.0.276 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Colibri Page Builder versions <= 1.0.276...
CVE-2024-5038
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5141 Rotating Tweets (Twitter widget and shortcode) <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Rotating Tweets (Twitter widget and shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rotatingtweets' shortcode in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress Rotating Tweets plugin <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Rotating Tweets versions <= 1.9.10...
WordPress Materialis Companion plugin <= 1.3.41 - Authenticated (Contributor+) Stored Cross-Site Scripting via materialis_contact_form Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via materialis_contact_form Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Materialis Companion versions <= 1.3.41...
WordPress Album and Image Gallery plus Lightbox plugin <= 2.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Album and Image Gallery plus Lightbox versions <= 2.0...
WordPress Simple Image Popup Shortcode plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Image Popup Shortcode versions <= 1.0...
CVE-2024-5342
The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sipspopup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...