8962 matches found

Patchstack
added 2024/04/23 3:0 a.m. · 3 views

WordPress Social Sharing Plugin – Social Warfare plugin <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Social Warfare versions <= 4.4.6.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.0042
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/23 2:48 a.m. · 7 views

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode vulnerability

Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress versions <= 4.6.18...

CVSS 8.8 · AI score 8.1 · EPSS 0.01405
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/04/23 12:0 a.m. · 6 views

PT-2024-24985 · WordPress · Rtmedia For Wordpress

Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress versions up to, and including, 4.6.18
Description: The issue allows authenticated attackers with contributor-level access and above to perform blind SQL Injection via the...

CVSS 8.8 · AI score 7.5 · EPSS 0.01405
Exploits: 1 · References: 3

Positive Technologies
added 2024/04/23 12:0 a.m. · 2 views

PT-2024-27475 · WordPress · Geodirectory

Name of the Vulnerable Software and Affected Versions: The GeoDirectory – WordPress Business Directory Plugin versions up to, and including, 2.3.48
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gd single tabs' shortcode due to insufficient input sanitization a...

CVSS 6.4 · AI score 5.8 · EPSS 0.0032
Exploits: 0 · References: 6

Patchstack
added 2024/04/22 6:41 a.m. · 2 views

WordPress Shortcode Addons plugin <= 3.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NinTechNet in WordPress Plugin Shortcode Addons versions <= 3.2.5...

AI score 7
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/22 2:7 a.m. · 2 views

WordPress Icon Widget plugin <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Icon Widget versions <= 1.3.0...

CVSS 6.4 · AI score 5.8 · EPSS 0.0042
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/22 2:6 a.m. · 2 views

WordPress hCaptcha plugin <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability discovered by haidv35 in WordPress Plugin hCaptcha for WP versions <= 4.0.0...

CVSS 6.4 · AI score 5.8 · EPSS 0.00333
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/04/22 12:0 a.m. · 11 views

Colibri Page Builder < 1.0.272 - Contributor+ Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode

Description: The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user-supplied attributes. This...

CVSS 6.4 · AI score 5.9 · EPSS 0.00423
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/04/20 2:15 a.m. · 3 views

CVE-2024-1057

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuitebutton' shortcode in all versions up to, and including, 2.8.1 due to insufficient input...

CVSS 5.4 · AI score 5.9 · EPSS 0.0032
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/20 12:0 a.m. · 4 views

PT-2024-16372 · WordPress · The Shoplentor – Woocommerce Builder For Elementor & Gutenberg +10 Modules – All In One Solution

Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution plugin for WordPress versions up to, and including, 2.8.1
Description: The issue is related to Stored Cross-Site Scripting via the plugin's...

CVSS 6.4 · AI score 6 · EPSS 0.0032
Exploits: 0 · References: 5

Positive Technologies
added 2024/04/20 12:0 a.m. · 3 views

PT-2024-28794 · WordPress · Hcaptcha For Wordpress

Name of the Vulnerable Software and Affected Versions: hCaptcha for WordPress plugin for WordPress versions up to, and including, 4.0.0
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's cf7-hcaptcha shortcode, allowi...

CVSS 6.4 · AI score 6.8 · EPSS 0.00333
Exploits: 0 · References: 5

Patchstack
added 2024/04/18 12:47 p.m. · 4 views

WordPress tagDiv Composer plugin <= 4.8 - Authenticated Local File Inclusion via Shortcode vulnerability

Authenticated Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin tagDiv Composer versions <= 4.8...

CVSS 8.8 · AI score 7 · EPSS 0.00657
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/18 1:43 a.m. · 2 views

WordPress EAN for WooCommerce plugin <= 4.9.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin EAN for WooCommerce versions <= 4.9.2...

CVSS 4.3 · AI score 6.9 · EPSS 0.00375
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/18 1:42 a.m. · 4 views

WordPress EAN for WooCommerce plugin <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin EAN for WooCommerce versions <= 4.9.2...

CVSS 6.4 · AI score 5.8 · EPSS 0.0032
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/04/18 12:0 a.m. · 2 views

PT-2024-15121 · WordPress · Ean For Woocommerce

Name of the Vulnerable Software and Affected Versions: EAN for WooCommerce plugin for WordPress versions up to, and including, 4.9.2
Description: The issue allows authenticated attackers with contributor-level access and above to expose potentially sensitive post metadata due to missing validatio...

CVSS 4.3 · AI score 6.7 · EPSS 0.00375
Exploits: 0 · References: 7

Positive Technologies
added 2024/04/18 12:0 a.m. · 4 views

PT-2024-15120 · WordPress · Ean For Woocommerce

Name of the Vulnerable Software and Affected Versions: EAN for WooCommerce plugin for WordPress versions up to, and including, 4.8.7
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode due to insufficient input sanitization and...

CVSS 6.4 · AI score 6 · EPSS 0.0032
Exploits: 0 · References: 7

Positive Technologies
added 2024/04/18 12:0 a.m. · 4 views

PT-2024-3144 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tutor instructor list' shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 5.5 · AI score 6 · EPSS 0.00385
Exploits: 0 · References: 10

OSV
added 2024/04/17 5:15 a.m. · 1 views

CVE-2024-1219

The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 5.3 · AI score 5.8 · EPSS 0.00303
Exploits: 2 · References: 1

WPVulnDB
added 2024/04/17 12:0 a.m. · 13 views

EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode

Description: The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user-controlled key. This makes it possible for authenticated attackers...

CVSS 4.3 · AI score 5.3 · EPSS 0.00375
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/04/16 1:15 p.m. · 2 views

CVE-2024-3672

The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it...

CVSS 5.4 · AI score 5.9 · EPSS 0.0032
Exploits: 0 · References: 2