CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2024/12/20 12:0 a.m.•2 views

PT-2024-17255 · WordPress · Financial Calculator

Name of the Vulnerable Software and Affected Versions: Financial Calculator plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's finance calculator shortcode due to insufficient input sanitization and output...

6.4CVSS8AI score0.0027EPSS

Positive Technologies•added 2024/12/20 12:0 a.m.•2 views

PT-2024-17631 · WordPress · Nacc Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: NACC WordPress Plugin versions up to, and including, 4.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS8AI score0.00351EPSS

Exploits0References10

Positive Technologies•added 2024/12/20 12:0 a.m.•2 views

PT-2024-17256 · WordPress · Sell Tickets Online – Ticketsource Ticket Shop

Name of the Vulnerable Software and Affected Versions: Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin versions up to, and including, 3.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode due to insufficient input...

6.4CVSS7.9AI score0.00338EPSS

Positive Technologies•added 2024/12/20 12:0 a.m.•3 views

PT-2024-17633 · WordPress · Embed Twine

Name of the Vulnerable Software and Affected Versions: Embed Twine plugin for WordPress versions up to, and including, 0.1.0 Description: The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed twine' shortcode due to insufficient input sanitizati...

6.4CVSS7.9AI score0.0027EPSS

Positive Technologies•added 2024/12/20 12:0 a.m.•4 views

PT-2024-17250 · WordPress · Pcrecruiter Extensions

Name of the Vulnerable Software and Affected Versions: PCRecruiter Extensions plugin for WordPress versions up to, and including, 1.4.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode due to insufficient input sanitization and output...

6.4CVSS7.9AI score0.00287EPSS

Positive Technologies•added 2024/12/20 12:0 a.m.•3 views

PT-2024-17327 · WordPress · Spoki

Name of the Vulnerable Software and Affected Versions: Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress versions up to, and including, 2.15.14 Description: The issue is related to Stored Cross-Site Scripting via the plugin's spoki button shortcode due to insufficient input...

6.4CVSS7.9AI score0.00379EPSS

Positive Technologies•added 2024/12/20 12:0 a.m.•6 views

PT-2024-17248 · WordPress · Outdooractive Embed

Name of the Vulnerable Software and Affected Versions: Outdooractive Embed plugin for WordPress version 1.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS7.9AI score0.0027EPSS

OSV•added 2024/12/19 6:15 a.m.•2 views

CVE-2024-11740

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

7.3CVSS6.1AI score

NVD•added 2024/12/19 6:15 a.m.•18 views

CVE-2024-11740

7.3CVSS0.01888EPSS

CVE•added 2024/12/19 5:24 a.m.•153 views

CVE-2024-11740

The CVE-2024-11740 entry concerns the WordPress Download Manager plugin (versions up to and including 3.3.03). The root cause is improper validation before executing do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes via an action. This results in an unauthenticated ...

7.3CVSS7.3AI score0.01888EPSS

In wildExploits0References3Affected Software1

Vulnrichment•added 2024/12/19 5:24 a.m.•14 views

CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS7.6AI score0.01888EPSS

Cvelist•added 2024/12/19 5:24 a.m.•24 views

CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS0.01888EPSS

Patchstack•added 2024/12/18 10:36 p.m.•5 views

WordPress Download Manager plugin <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Download Manager versions = 3.3.03...

7.3CVSS7.1AI score0.01888EPSS

Exploits0References1Affected Software1

OSV•added 2024/12/18 4:15 a.m.•3 views

CVE-2024-12061

The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...

4.3CVSS5.8AI score0.00367EPSS

Exploits0References2

Positive Technologies•added 2024/12/18 12:0 a.m.•2 views

PT-2024-16993 · WordPress · Scancircle

Name of the Vulnerable Software and Affected Versions: ScanCircle plugin for WordPress versions up to, and including, 2.9.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's scancircle shortcode. This allows...

6.4CVSS9.3AI score0.00338EPSS

Exploits0References11

Positive Technologies•added 2024/12/18 12:0 a.m.•1 views

PT-2024-17318 · WordPress · Easy Waveform Player

Name of the Vulnerable Software and Affected Versions: Easy Waveform Player plugin for WordPress versions up to, and including, 1.2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode due to insufficient input sanitization and output...

6.4CVSS8AI score0.00331EPSS