CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

Vulnrichment•added 2026/01/23 2:28 p.m.•3 views

CVE-2026-24576 WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

6.5CVSS5.4AI score0.00019EPSS

Exploits0References1

Patchstack•added 2026/01/20 9:6 p.m.•3 views

WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin UX Flat versions = 5.4.0...

5.4CVSS5.3AI score0.00019EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/07 9:8 a.m.•5 views

CVE-2024-2459

The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...

7.4CVSS7.4AI score0.00105EPSS

Exploits0References1

Vulnrichment•added 2024/03/20 6:48 a.m.•11 views

CVE-2024-2459 UX Flat <= 4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

7.4CVSS7.4AI score0.00105EPSS

Exploits0References3

WPVulnDB•added 2024/03/19 12:0 a.m.•14 views

UX Flat <= 4.8 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its 'button' shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

7.4CVSS7.2AI score0.00105EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by