24 matches found
CVE-2024-2334
The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with autho...
EUVD-2024-36749
Malicious code in bioql PyPI...
EUVD-2021-34157
Malicious code in bioql PyPI...
CVE-2024-37550
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS. This issue affects Template Kit – Export: from n/a through 1.0.22...
CVE-2024-37550
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS. This issue affects Template Kit – Export: from n/a through 1.0.22...
CVE-2024-37550
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS. This issue affects Template Kit – Export: from n/a through 1.0.22...
CVE-2024-37550
CVE-2024-37550 describes a Stored XSS in the WordPress plugin Template Kit – Export from Envato. Affected range listed: from n/a through 1.0.22. The description explicitly states Stored XSS via input during web page generation, implying exploitation could occur when rendering pages that incorporate u...
CVE-2024-37550 WordPress Template Kit – Export plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS. This issue affects Template Kit – Export: from n/a through 1.0.22...
CVE-2024-37550 WordPress Template Kit – Export plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Envato Template Kit – Export allows Stored XSS. This issue affects Template Kit – Export: from n/a through 1.0.22...
PT-2024-27648 · Envato · Envato Template Kit
Name of the Vulnerable Software and Affected Versions: Envato Template Kit – Export versions 1.0.0 through 1.0.22. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
WordPress Template Kit – Export plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Mahesh Nagabhairava (Patchstack Alliance) in WordPress Plugin Template Kit – Export (versions <= 1.0.23)...
WordPress Template Kit – Export Plugin <= 1.0.23 is vulnerable to Cross Site Scripting (XSS)
Software: Template Kit – Export; Type: Plugin; Vulnerable versions: <= 1.0.23; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37550; Patch priority: Low; CVSS severity: Low (5.9); PSID: 393ac04c5e97; Credits: Mahesh Nagabhairava; Required...
CVE-2024-2334 Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload
The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with autho...
CVE-2024-2334 Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload
The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with autho...
WordPress Plugin Template Kit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-19819 · WordPress · The Template Kit
Name of the Vulnerable Software and Affected Versions: The Template Kit – Import plugin for WordPress versions prior to 1.0.15. Description: The issue arises from insufficient input sanitization and output escaping in the template upload functionality, allowing authenticated attackers with author...
WordPress Template Kit – Import plugin <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via template upload vulnerability discovered by Colin Xu in WordPress Plugin Template Kit – Import (versions <= 1.0.14)...
Template Kit – Import < 1.0.15 - Author+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the template upload functionality due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that wil...
WordPress Template Kit – Import Plugin <= 1.0.14 is vulnerable to Cross Site Scripting (XSS)
Software: Template Kit – Import; Type: Plugin; Vulnerable versions: <= 1.0.14; Fixed in: 1.0.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2334; Patch priority: Low; CVSS severity: Low (6.5); PSID: 3ba95df4bab0; Credits: Colin Xu; Require...
CVE-2021-4330
The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for...