CVE-2024-8981
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated...
CVE-2024-13699
CVE-2024-13699 affects the Qi Addons For Elementor WordPress plugin. It is a Stored Cross-Site Scripting vulnerability via the cursor parameter in all versions up to 1.8.7, enabling an authenticated attacker (Contributor level or higher) to inject scripts that execute when a user loads a page. Ro...
CVE-2024-13510
The CVE-2024-13510 entry covers the WordPress ShopSite plugin (versions up to 1.5.10) vulnerable to Cross-Site Request Forgery, enabling unauthenticated attackers to update settings and inject malicious scripts via forged requests that trick an admin into performing an action. Technical details a...
CVE-2024-13403
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping...
CVE-2024-13547 aThemes Addons for Elementor <= 1.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-0809
The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2024-10847 Storely <= 16.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-13700
The CVE concerns the WordPress plugin Embed Swagger UI (WordPress) up to version 1.0.0, where a Stored Cross-Site Scripting flaw exists in the wpsgui shortcode due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or higher; an attac...
CVE-2024-13466 Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-12409
CVE-2024-12409 refers to a reflected Cross-Site Scripting vulnerability in the Simple:Press Forum plugin for WordPress. Affected software: Simple:Press Forum, versions up to and including 6.10.11. Root cause: insufficient input sanitization and output escaping in the Reflected XSS via the s param...
CVE-2024-13732
The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sectiontag’ parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Dolibarr Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
Dolibarr Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2024-55227
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2024-55227
CVE-2024-55227 affects Dolibarr 21.0.0-beta in the Events/Agenda module. The vulnerability is a cross-site scripting (XSS) flaw in the Title parameter that can lead to arbitrary web-script execution. The NVD/CVSS details indicate a critical impact (CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H, ...
CVE-2024-12512
The Ask Me Anything Anonymously plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2024-12076 Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resynccarousel, seeksnapshot, uploadedcc, and removecc functions. This makes it possible for...
CVE-2024-12494
The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmltmeetingmap' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting
Withdrawn Advisory This advisory has been withdrawn because the issue is a documented security. This link is maintained to preserve external references. For more information, see https://github.com/github/advisory-database/pull/5270. Original Advisory A stored cross-site scripting (XSS) vulnerabili...
GHSA-572Q-86RR-5VGQ Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting
Withdrawn Advisory This advisory has been withdrawn because the issue is a documented security. This link is maintained to preserve external references. For more information, see https://github.com/github/advisory-database/pull/5270. Original Advisory A stored cross-site scripting (XSS) vulnerabili...