CVE-2024-12384
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2024-12261 SmartEmailing.cz <= 2.2.0 - Reflected Cross-Site Scripting
The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12256
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2024-12153
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.92. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-11810 PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting
The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'messageid' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12256
The CVE-2024-12256 entry concerns the Simple Video Management System WordPress plugin, vulnerable to Reflected Cross-Site Scripting via the analytics_video parameter in all versions up to 1.0.4. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated attackers cou...
CVE-2024-12256 Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2024-11363 Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting
The Same but Different – Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated...
CVE-2024-12291
CVE-2024-12291: The ViewMedica 9 WordPress plugin is vulnerable to Cross-Site Request Forgery that leads to a Reflected Cross-Site Scripting condition in all versions up to 1.4.15. The root cause is missing or incorrect nonce validation on a function, enabling unauthenticated attackers to induce...
CVE-2024-11378
CVE-2024-11378 describes a reflected XSS in the Bizapp for WooCommerce WordPress plugin. The issue occurs in the plugin’s URL parameter named error and affects all versions up to and including 2.0.8 due to insufficient input sanitization and output escaping. The vulnerability permits unauthentica...
CVE-2024-12214
CVE-2024-12214 affects the WooCommerce HSS Extension for Streaming Video (WordPress). The vulnerability is a reflected Cross-Site Scripting (Reflected XSS) via the videolink parameter in all versions up to and including 3.31, caused by insufficient input sanitization and output escaping. Exploita...
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-12592
The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11934
The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formaloo' shortcode in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2024-12098 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-12098
CVE-2024-12098 affects the ARS Affiliate Page Plugin for WordPress. The issue is a Reflected Cross-Site Scripting vulnerability via the utm_keyword parameter in all versions up to and including 2.0.2, allowing unauthenticated attackers to inject scripts in pages executed when a user clicks a crafted link. A pa...
REDAXO CMS Cross-site Scripting vulnerability
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...
GHSA-M78C-QX99-MVW9 Grav Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-46209
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...
Cross-Site Scripting (XSS)
Liferay Portal is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user input in the Service Class text field, allowing remote attackers to inject arbitrary web scripts or HTML...