
8961 matches found

Tenable Nessus
added 2023/10/18 12:0 a.m. | 7 views

WordPress 4.3.x < 4.3.32 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A potential disclosure of user email addresses.
- An RCE POP Chains vulnerability.
- A Cross-Site Scripting (XSS) vulnerability in the post link navigation block.
- An issue...

6.6 AI score
Exploits 0 | References 2

Tenable Nessus
added 2023/10/18 12:0 a.m. | 16 views

WordPress 4.2.x < 4.2.36 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A potential disclosure of user email addresses.
- An RCE POP Chains vulnerability.
- A Cross-Site Scripting (XSS) vulnerability in the post link navigation block.
- An issue...

6.6 AI score
Exploits 0 | References 2

Tenable Nessus
added 2023/10/18 12:0 a.m. | 25 views

WordPress 4.9.x < 4.9.24 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A potential disclosure of user email addresses.
- An RCE POP Chains vulnerability.
- A Cross-Site Scripting (XSS) vulnerability in the post link navigation block.
- An issue...

6.6 AI score
Exploits 0 | References 2

Tenable Nessus
added 2023/10/18 12:0 a.m. | 19 views

WordPress 5.9.x < 5.9.8 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A potential disclosure of user email addresses.
- An RCE POP Chains vulnerability.
- A Cross-Site Scripting (XSS) vulnerability in the post link navigation block.
- An issue...

6.6 AI score
Exploits 0 | References 2

Tenable Nessus
added 2023/10/18 12:0 a.m. | 5 views

WordPress 4.8.x < 4.8.23 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A potential disclosure of user email addresses.
- An RCE POP Chains vulnerability.
- A Cross-Site Scripting (XSS) vulnerability in the post link navigation block.
- An issue...

6.6 AI score
Exploits 0 | References 2

Positive Technologies
added 2023/10/18 12:0 a.m. | 3 views

PT-2023-32229 · WordPress · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Booster for WooCommerce plugin for WordPress versions up to, and including, 7.1.2 Description: The issue is related to Stored Cross-Site Scripting via the wcj image shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS | 5.7 AI score | 0.00478 EPSS
Exploits 0 | References 9

Positive Technologies
added 2023/10/18 12:0 a.m. | 2 views

PT-2023-32055 · WordPress · Avirtum Ipanorama 360 Wordpress Virtual Tour Builder

Name of the Vulnerable Software and Affected Versions: iPanorama 360 – WordPress Virtual Tour Builder plugin versions up to, and including, 1.8.0 Description: The issue is related to SQL Injection via the plugin's shortcode due to insufficient escaping on the user supplied parameter and lack of...

8.8 CVSS | 7 AI score | 0.00618 EPSS
Exploits 0 | References 8

Vulnrichment
added 2023/10/16 11:31 p.m. | 7 views

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information...

4.3 CVSS | 7.5 AI score | 0.00578 EPSS
Exploits 0 | References 3

Cvelist
added 2023/10/16 11:31 p.m. | 24 views

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information...

4.3 CVSS | 7.5 AI score | 0.00578 EPSS
Exploits 0 | References 3

CVE
added 2023/10/16 11:31 p.m. | 56 views

CVE-2012-10016

CVE-2012-10016 affects the Halulu simple-download-button-shortcode WordPress plugin (version 1.0). The vulnerability lies in an unknown function within the file simple-download-button_dl.php of the Download Handler, where manipulation of the file argument leads to information disclosure. The issu...

7.5 CVSS | 5.7 AI score | 0.00578 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2023/10/16 8:15 p.m. | 3 views

CVE-2023-5177

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...

5.3 CVSS | 7.3 AI score | 0.00545 EPSS
Exploits 2 | References 1

OSV
added 2023/10/16 8:15 p.m. | 1 views

CVE-2023-4783

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS | 5.8 AI score | 0.00403 EPSS
Exploits 2 | References 1

OSV
added 2023/10/16 8:15 p.m. | 1 views

CVE-2023-4795

The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used agains...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 1

OSV
added 2023/10/16 8:15 p.m. | 1 views

CVE-2023-4798

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...

5.4 CVSS | 7.3 AI score | 0.00394 EPSS
Exploits 2 | References 1

OSV
added 2023/10/16 8:15 p.m. | 3 views

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1

OSV
added 2023/10/16 8:15 p.m. | 2 views

CVE-2023-4646

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS | 7.3 AI score | 0.00394 EPSS
Exploits 2 | References 1

OSV
added 2023/10/16 8:15 p.m. | 4 views

CVE-2023-4289

The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.4 CVSS | 5.8 AI score | 0.00403 EPSS
Exploits 2 | References 1

NVD
added 2023/10/16 8:15 p.m. | 16 views

CVE-2023-4289

The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.4 CVSS | 5.3 AI score | 0.00403 EPSS
Exploits 2 | References 1

NVD
added 2023/10/16 8:15 p.m. | 19 views

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1 CVSS | 6 AI score | 0.0042 EPSS
Exploits 2 | References 1

Prion
added 2023/10/16 8:15 p.m. | 13 views

Cross site scripting

The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

4.9 CVSS | 5.3 AI score | 0.00403 EPSS
Exploits 2 | References 1 | Affected Software 1