CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

RedhatCVE•added 2026/01/24 3:18 p.m.•2 views

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

6.5CVSS5.4AI score0.00019EPSS

Exploits0References1

NVD•added 2026/01/23 3:16 p.m.•1 views

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

6.5CVSS0.00019EPSS

Exploits0References1

CVE•added 2026/01/23 2:28 p.m.•6 views

CVE-2026-24576

CVE-2026-24576 is a stored XSS vulnerability in the WordPress UX Flat plugin (ux-flat) affecting versions up to and including 5.4.0. The issue is described as improper neutralization of input during web page generation, enabling stored cross-site scripting. The primary connected sources confirm t...

6.5CVSS5.4AI score0.00019EPSS

Exploits0References1

Cvelist•added 2026/01/23 2:28 p.m.•26 views

CVE-2026-24576 WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

6.5CVSS0.00019EPSS

Exploits0References1

Vulnrichment•added 2026/01/23 2:28 p.m.•3 views

CVE-2026-24576 WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

6.5CVSS5.4AI score0.00019EPSS

Exploits0References1

ATTACKERKB•added 2026/01/23 2:28 p.m.•1 views

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

5.4CVSS5.9AI score0.00019EPSS

Exploits0References2

Positive Technologies•added 2026/01/23 12:0 a.m.•1 views

PT-2026-4415

Name of the Vulnerable Software and Affected Versions COP UX Flat versions through 5.4.0 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks. Recommendations Update...

5.4CVSS5.1AI score0.00019EPSS

Exploits0References3

Patchstack•added 2026/01/20 9:6 p.m.•2 views

WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin UX Flat versions = 5.4.0...

5.4CVSS5.3AI score0.00019EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/07 9:8 a.m.•4 views

CVE-2024-2459

The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...

7.4CVSS7.4AI score0.00105EPSS

Exploits0References1

Patchstack•added 2024/03/21 12:0 a.m.•9 views

WordPress UX Flat Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS)

Software UX Flat Type Plugin Vulnerable versions = 4.4 Fixed in 4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2459 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1c4ff3eaa36d Credits Francesco Carlucci Required privileg...

7.4CVSS6AI score0.00105EPSS

Exploits0References3Affected Software1

CVE•added 2024/03/20 6:48 a.m.•52 views

CVE-2024-2459

CVE-2024-2459 affects the WordPress plugin UX Flat. The Red Hat and Wordfence entries confirm: all versions up to and including 4.1 are vulnerable to a Stored Cross-Site Scripting (XSS) via the plugin’s button shortcode, caused by insufficient input sanitization and output escaping of user-suppli...

7.4CVSS7.4AI score0.00105EPSS

Exploits0References3

Vulnrichment•added 2024/03/20 6:48 a.m.•9 views

CVE-2024-2459 UX Flat <= 4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

7.4CVSS7.4AI score0.00105EPSS

Exploits0References3

CNNVD•added 2024/03/20 12:0 a.m.•1 views

WordPress Plugin UX Flat Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.4CVSS6AI score0.00105EPSS

Exploits0References3

Positive Technologies•added 2024/03/20 12:0 a.m.•2 views

PT-2024-20471 · WordPress · Ux Flat

Name of the Vulnerable Software and Affected Versions: UX Flat plugin for WordPress versions up to, and including, 4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input sanitization and output escaping on user-supplied...

7.4CVSS7.9AI score0.00105EPSS

Exploits0References4

WPVulnDB•added 2024/03/19 12:0 a.m.•14 views

UX Flat <= 4.8 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its 'button' shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

7.4CVSS7.2AI score0.00105EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by