
5210 matches found

Prion
added 2024/02/29 5:15 a.m. | 14 views

Cross site scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...

CVSS 3.6 | AI score 6 | EPSS 0.00282
Exploits: 0 | References: 2

NVD
added 2024/02/29 1:43 a.m. | 13 views

CVE-2024-1519

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...

CVSS 6.5 | AI score 5.9 | EPSS 0.00572
Exploits: 0 | References: 3

NVD
added 2024/02/29 1:43 a.m. | 14 views

CVE-2024-1276

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and outpu...

CVSS 6.4 | AI score 5.8 | EPSS 0.00446
Exploits: 0 | References: 3

NVD
added 2024/02/29 1:43 a.m. | 13 views

CVE-2024-1242

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.7 | EPSS 0.00406
Exploits: 0 | References: 2

NVD
added 2024/02/29 1:43 a.m. | 14 views

CVE-2024-1058

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVSS 6.4 | AI score 5.6 | EPSS 0.00439
Exploits: 0 | References: 5

Prion
added 2024/02/29 1:43 a.m. | 20 views

Cross site scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcjproductbarcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes ...

CVSS 5.5 | AI score 6 | EPSS 0.00343
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 24 views

Cross site scripting

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 5.5 | AI score 6.1 | EPSS 0.00474
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 26 views

Cross site scripting

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping...

CVSS 3.2 | AI score 6 | EPSS 0.00339
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 21 views

Cross site scripting

The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 3.2 | AI score 6 | EPSS 0.00491
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 14 views

Cross site scripting

The Cost of Goods Sold COGS: Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.8 | AI score 6.8 | EPSS 0.00397
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 22 views

Cross site scripting

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor...

CVSS 5.5 | AI score 5.9 | EPSS 0.00439
Exploits: 0 | References: 5

Prion
added 2024/02/29 1:43 a.m. | 21 views

Cross site scripting

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

CVSS 5.5 | AI score 6 | EPSS 0.00429
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 17 views

Cross site scripting

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient input...

CVSS 5.5 | AI score 6 | EPSS 0.00445
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 35 views

Cross site scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...

CVSS 6.4 | AI score 6.4 | EPSS 0.00572
Exploits: 0 | References: 3

Prion
added 2024/02/29 1:43 a.m. | 20 views

Cross site scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...

CVSS 4.9 | AI score 6 | EPSS 0.00427
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:43 a.m. | 26 views

Cross site scripting

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...

CVSS 5.5 | AI score 6.4 | EPSS 0.00372
Exploits: 0 | References: 2

OSV
added 2024/02/29 1:42 a.m. | 7 views

CVE-2023-6923

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 2

Prion
added 2024/02/29 1:42 a.m. | 39 views

Cross site scripting

The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVSS 5.8 | AI score 6.6 | EPSS 0.00499
Exploits: 0 | References: 2

WPVulnDB
added 2024/02/29 12:0 a.m. | 9 views

Essential Blocks < 4.5.2 - Contributor+ Stored XSS

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the blockId parameter due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user...

CVSS 6.4 | AI score 5.8 | EPSS 0.00427
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/29 12:0 a.m. | 19 views

CVE-2024-25292

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter...

AI score 6 | EPSS 0.01485
Exploits: 2 | References: 1