8962 matches found

Positive Technologies
added 2024/04/02 12:00 a.m. · 3 views

PT-2024-22409 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.263
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, such as heading type, in the plugin's 'colibr...

CVSS 6.4 · AI score 9.3 · EPSS 0.00323
Exploits: 0 · References: 4
Patchstack
added 2024/04/01 5:14 a.m. · 3 views

WordPress Favorites plugin <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Favorites versions <= 2.3.3...

CVSS 7.2 · AI score 6.5 · EPSS 0.0038
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/04/01 5:03 a.m. · 5 views

WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Ecwid Shopping Cart versions <= 6.12.10...

CVSS 6.4 · AI score 6.5 · EPSS 0.00353
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/04/01 5:00 a.m. · 3 views

WordPress WordPress File Upload plugin <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WordPress File Upload versions <= 4.24.5...

CVSS 6.4 · AI score 6.5 · EPSS 0.0036
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2024/04/01 12:00 a.m. · 18 views

Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more < 4.5.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 4.5.24 due to insufficient input sanitization and...

CVSS 6.5 · AI score 5.9 · EPSS 0.00351
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2024/04/01 12:00 a.m. · 14 views

MailChimp Forms by MailMunch < 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...

CVSS 6.5 · AI score 5.9 · EPSS 0.00357
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/03/31 6:07 p.m. · 16 views

CVE-2024-31114 WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. This issue affects Shortcode Addons: from n/a through 3.2.5...

CVSS 9.1 · AI score 6.9 · EPSS 0.01353
Exploits: 1 · References: 1
Cvelist
added 2024/03/31 6:07 p.m. · 21 views

CVE-2024-31114 WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. This issue affects Shortcode Addons: from n/a through 3.2.5...

CVSS 9.1 · AI score 9.5 · EPSS 0.01353
Exploits: 1 · References: 1
CVE
added 2024/03/31 6:07 p.m. · 77 views

CVE-2024-31114

CVE-2024-31114 concerns the WordPress plugin group “Shortcode Addons” (Shortcode Addons: from n/a through 3.2.5). The connected exploit document confirms concrete technical details: an authenticated attacker with administrator-level access can abuse a missing file-type validation to perform an ar...

CVSS 9.1 · AI score 8.6 · EPSS 0.01353
Exploits: 1 · References: 1
CNNVD
added 2024/03/31 12:00 a.m. · 5 views

WordPress Plugin Shortcode Addons Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 9.1 · AI score 8 · EPSS 0.01353
Exploits: 1 · References: 2
Positive Technologies
added 2024/03/31 12:00 a.m. · 5 views

PT-2024-23784 · Unknown · Shortcode Addons

Name of the Vulnerable Software and Affected Versions: Shortcode Addons versions 3.2.5 and earlier
Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.
Recommendations: For versions 3.2.5 and earlier, update to a...

CVSS 9.1 · AI score 9.3 · EPSS 0.01353
Exploits: 1 · References: 3
Positive Technologies
added 2024/03/30 12:00 a.m. · 4 views

PT-2024-16330 · WordPress · List Category Posts Plugin

Name of the Vulnerable Software and Affected Versions: List category posts plugin for WordPress versions up to, and including, 0.89.6
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 7.9 · EPSS 0.0045
Exploits: 0 · References: 6
Positive Technologies
added 2024/03/30 12:00 a.m. · 2 views

PT-2024-22922 · WordPress · Favorites

Name of the Vulnerable Software and Affected Versions: The Favorites plugin for WordPress versions up to, and including, 2.3.3
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'user favorites' shortcode due to insufficient input sanitization and output escaping on...

CVSS 7.2 · AI score 8 · EPSS 0.0038
Exploits: 0 · References: 5
Positive Technologies
added 2024/03/30 12:00 a.m. · 2 views

PT-2024-22153 · WordPress · Editorskit

Name of the Vulnerable Software and Affected Versions: Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress versions up to, and including, 1.40.4
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode due to insufficient input...

CVSS 6.4 · AI score 8 · EPSS 0.00386
Exploits: 0 · References: 5
Patchstack
added 2024/03/29 12:25 p.m. · 4 views

WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Shortcode Addons versions <= 3.2.5...

CVSS 9.1 · AI score 8.6 · EPSS 0.01353
Exploits: 1 · Affected Software: 1
Patchstack
added 2024/03/29 9:02 a.m. · 2 views

WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability

Authenticated Contributor+ SQL Injection via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions <= 3.0.10...

CVSS 8.8 · AI score 9.2 · EPSS 0.00821
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/03/29 8:44 a.m. · 2 views

WordPress Button plugin <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode vulnerability

Authenticated Contributor+ PHP Object Injection in button_shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Button versions <= 1.1.27...

CVSS 8.8 · AI score 8.8 · EPSS 0.00901
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/03/29 8:38 a.m. · 2 views

WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) Remote Code Execution via Shortcode vulnerability

Authenticated Contributor+ Remote Code Execution via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions <= 3.0.10...

CVSS 8.8 · AI score 8.7 · EPSS 0.01291
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/03/29 12:00 a.m. · 12 views

WordPress Shortcode Addons Plugin <= 3.2.5 is vulnerable to Arbitrary File Upload

Software: Shortcode Addons
Type: Plugin
Vulnerable versions: <= 3.2.5
Fixed in: N/A
OWASP Top 10: A3: Injection
Classification: Arbitrary File Upload
CVE: CVE-2024-31114
Patch priority: Low
CVSS severity: Low 9.1
PSID: 25bf030daa64
Credits: Peng Zhou
Required privilege: Administrator...

CVSS 9.1 · AI score 6.8 · EPSS 0.01353
Exploits: 1 · References: 1 · Affected Software: 1
WPVulnDB
added 2024/03/29 12:00 a.m. · 22 views

WordPress File Upload < 4.24.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.5 · EPSS 0.0036
Exploits: 0 · References: 1 · Affected Software: 1