CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8972 matches found

OSV•added 2024/07/30 7:15 a.m.•4 views

CVE-2024-7100

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbbutton shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4CVSS6AI score0.00414EPSS

Exploits0References4

Positive Technologies•added 2024/07/30 12:0 a.m.•2 views

PT-2024-38075 · WordPress · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 5.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bt bb button shortcode due to insufficient input sanitization and output escapin...

6.4CVSS6.2AI score0.00414EPSS

Exploits0References8

Patchstack•added 2024/07/29 2:32 a.m.•2 views

WordPress Master Currency WP plugin <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Currency Converter Form Shortcode vulnerability discovered by Artem Polynko Artem Polynko in WordPress Plugin Master Currency WP versions = 1.1.61...

6.4CVSS5.8AI score0.00267EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/07/27 1:51 a.m.•19 views

CVE-2024-6634 Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode

The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00267EPSS

Exploits0References2

Positive Technologies•added 2024/07/27 12:0 a.m.•2 views

PT-2024-37763 · WordPress · Master Currency Wp

Name of the Vulnerable Software and Affected Versions: Master Currency WP plugin versions up to, and including, 1.1.61 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the currencyconverterform shortcode. This allows authenticat...

6.4CVSS6.5AI score0.00267EPSS

Exploits0References4

Positive Technologies•added 2024/07/27 12:0 a.m.•2 views

PT-2024-37417 · WordPress · Flipbox Builder

Name of the Vulnerable Software and Affected Versions: Flipbox Builder plugin for WordPress versions up to, and including, 1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input in the flipbox...

8.8CVSS7.1AI score0.00623EPSS

Exploits0References5

OSV•added 2024/07/24 8:15 a.m.•3 views

CVE-2024-6930

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4CVSS6AI score0.00305EPSS

Exploits0References4

OSV•added 2024/07/24 7:15 a.m.•3 views

CVE-2024-6629

The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6AI score0.0031EPSS

Exploits0References5

Patchstack•added 2024/07/24 7:2 a.m.•4 views

WordPress All-in-One Video Gallery plugin <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Video Shortcode vulnerability discovered by Webbernaut in WordPress Plugin All-in-One Video Gallery versions = 3.7.1...

6.4CVSS5.8AI score0.0031EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/07/24 2:41 a.m.•3 views

WordPress WP Booking Calendar plugin <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bookingform Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Booking Calendar versions = 10.2.1...

6.4CVSS5.8AI score0.00305EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/07/24 12:0 a.m.•3 views

WordPress plugin All-in-One Video Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

6.4CVSS5.8AI score0.0031EPSS

Exploits0References6

Positive Technologies•added 2024/07/24 12:0 a.m.•3 views

PT-2024-37758 · WordPress · All-In-One Video Gallery

Name of the Vulnerable Software and Affected Versions: All-in-One Video Gallery plugin for WordPress versions up to, and including, 3.7.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Video shortcode, allowing...

6.4CVSS7AI score0.0031EPSS

Exploits0References9

CNNVD•added 2024/07/24 12:0 a.m.•3 views

WordPress plugin WP Booking Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS5.9AI score0.00305EPSS

Exploits0References5

OSV•added 2024/07/22 10:15 a.m.•3 views

CVE-2024-37121

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2024/07/22 10:15 a.m.•15 views

CVE-2024-37121

5.9CVSS0.0026EPSS

Exploits0References1

Vulnrichment•added 2024/07/22 9:35 a.m.•14 views

CVE-2024-37121 WordPress Shortcode Addons plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability

5.9CVSS6.8AI score0.0026EPSS

Exploits0References1

CVE•added 2024/07/22 9:35 a.m.•51 views

CVE-2024-37121

CVE-2024-37121 is a Stored XSS vulnerability in WordPress plugin Shortcode Addons (biplob018 Shortcode Addons) affecting versions up to 3.2.5. The issue is described as Improper Neutralization of Input During Web Page Generation. Public details in connected sources confirm the vulnerability vecto...

5.9CVSS5.8AI score0.0026EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/07/22 9:35 a.m.•21 views

CVE-2024-37121 WordPress Shortcode Addons plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability

5.9CVSS0.0026EPSS

Exploits0References1

Positive Technologies•added 2024/07/22 12:0 a.m.•3 views

PT-2024-27317 · Unknown · Biplob018 Shortcode Addons

Name of the Vulnerable Software and Affected Versions: biplob018 Shortcode Addons versions 3.2.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendation...

5.9CVSS5.8AI score0.0026EPSS

Exploits0References6

NVD•added 2024/07/20 8:15 a.m.•7 views

CVE-2024-38679

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0...

6.5CVSS0.00302EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by