8962 matches found

Positive Technologies
added 2024/04/09 12:00 a.m. · 5 views

PT-2024-20450 · WordPress · Ecwid Ecommerce Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin for WordPress versions up to, and including, 6.12.10.
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes ...

CVSS 6.4 · AI score 8 · EPSS 0.00353 · Exploits: 0 · References: 4

Positive Technologies
added 2024/04/09 12:00 a.m. · 2 views

PT-2024-23458 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.29.2.
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.9 · EPSS 0.00358 · Exploits: 0 · References: 4

Positive Technologies
added 2024/04/09 12:00 a.m. · 4 views

PT-2024-15147 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2.
Description: The issue is related to Missing Authorization, which allows authenticated attackers wi...

CVSS 4.3 · AI score 9.2 · EPSS 0.00554 · Exploits: 0 · References: 7

Patchstack
added 2024/04/08 5:29 a.m. · 4 views

WordPress RSS Aggregator by Feedzy plugin <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Error Message vulnerability discovered by Colin Xu in WordPress Plugin Feedzy versions <= 4.3.3...

CVSS 6.4 · AI score 5.8 · EPSS 0.00352 · Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/08 5:18 a.m. · 3 views

WordPress Powerkit plugin <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Powerkit versions <= 2.9.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00315 · Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/08 5:13 a.m. · 3 views

WordPress Bold Page Builder plugin <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bt_bb_price_list Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Bold Page Builder versions <= 4.8.8...

CVSS 6.4 · AI score 5.5 · EPSS 0.00404 · Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/08 4:54 a.m. · 2 views

WordPress EmbedPress plugin <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin EmbedPress versions <= 3.9.14...

CVSS 6.4 · AI score 5.8 · EPSS 0.00509 · Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/04/08 12:00 a.m. · 14 views

ElementsKit Elementor addons < 3.0.6 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

CVSS 6.4 · AI score 5.9 · EPSS 0.00469 · Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/04/06 12:00 a.m. · 19 views

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message

Description: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.9 · EPSS 0.00352 · Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/05 12:37 a.m. · 4 views

WordPress Passster plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via content_protector Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Passster versions <= 4.2.6.4...

CVSS 6.4 · AI score 5.8 · EPSS 0.00501 · Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/04/05 12:00 a.m. · 3 views

PT-2024-20689 · WordPress · Squelch Tabs/Accordions Shortcodes

Name of the Vulnerable Software and Affected Versions: Squelch Tabs and Accordions Shortcodes plugin for WordPress versions up to, and including, 0.4.3.
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode due to insufficient input sanitization a...

CVSS 6.4 · AI score 8 · EPSS 0.00327 · Exploits: 0 · References: 4

Patchstack
added 2024/04/04 2:11 a.m. · 2 views

WordPress Beaver Themer plugin <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode vulnerability

Authenticated Contributor+ Sensitive Information Exposure via shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Themer versions <= 1.4.9...

CVSS 6.5 · AI score 7 · EPSS 0.00525 · Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/04 2:04 a.m. · 2 views

WordPress TaxoPress plugin <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by stealthcopter in WordPress Plugin TaxoPress versions <= 3.12.0...

CVSS 6.4 · AI score 5.8 · EPSS 0.00449 · Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/04/04 2:03 a.m. · 2 views

WordPress Modal Popup Box plugin <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode vulnerability

Authenticated Contributor+ PHP Object Injection in awl_modal_popup_box_shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Modal Popup Box versions <= 1.5.2...

CVSS 8.8 · AI score 7.3 · EPSS 0.00893 · Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/04/04 12:00 a.m. · 2 views

WordPress Plugin Modal Popup Box Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 8.8 · AI score 8.6 · EPSS 0.00893 · Exploits: 0 · References: 4

Positive Technologies
added 2024/04/04 12:00 a.m. · 3 views

PT-2024-22385 · WordPress · Wordpress Tag/Category Manager – Ai Autotagger

Name of the Vulnerable Software and Affected Versions: The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress versions up to, and including, 3.13.0.
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin...

CVSS 6.4 · AI score 9.3 · EPSS 0.00449 · Exploits: 0 · References: 6

WPVulnDB
added 2024/04/03 12:00 a.m. · 17 views

Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode

Description: The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including...

CVSS 6.5 · AI score 6.8 · EPSS 0.00525 · Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/04/03 12:00 a.m. · 19 views

WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 · AI score 5.9 · EPSS 0.00449 · Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/04/03 12:00 a.m. · 13 views

Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload

Description: The Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, wi...

CVSS 9.1 · AI score 7.7 · EPSS 0.01353 · Exploits: 1 · References: 1

OSV
added 2024/04/02 7:16 a.m. · 2 views

CVE-2024-2839

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This...

CVSS 5.4 · AI score 5.9 · EPSS 0.00323 · Exploits: 0 · References: 2