5210 matches found

Vulnrichment
added 2024/11/28 8:47 a.m. | 8 views

CVE-2024-11458 FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1 | AI score 6.4 | EPSS 0.0092
Exploits: 0 | References: 4

Cvelist
added 2024/11/28 8:47 a.m. | 13 views

CVE-2024-11458 FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1 | EPSS 0.0092
Exploits: 0 | References: 4

Cvelist
added 2024/11/28 8:47 a.m. | 14 views

CVE-2024-11366 SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting

The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | EPSS 0.00937
Exploits: 0 | References: 5

NVD
added 2024/11/27 7:15 a.m. | 9 views

CVE-2024-10175

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdopricingtables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | EPSS 0.00201
Exploits: 0 | References: 2

Cvelist
added 2024/11/27 6:41 a.m. | 13 views

CVE-2024-10895 Counter Up – Animated Number Counter & Milestone Showcase <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | EPSS 0.00201
Exploits: 0 | References: 2

NVD
added 2024/11/26 7:15 p.m. | 16 views

CVE-2024-53620

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

CVSS 4.8 | EPSS 0.00143
Exploits: 1 | References: 1

Vulnrichment
added 2024/11/26 5:32 p.m. | 21 views

CVE-2024-10878 Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting

The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...

CVSS 6.1 | AI score 6.4 | EPSS 0.01411
Exploits: 0 | References: 3

NVD
added 2024/11/26 10:15 a.m. | 12 views

CVE-2024-11032

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 | EPSS 0.01411
Exploits: 0 | References: 4

Vulnrichment
added 2024/11/26 9:32 a.m. | 7 views

CVE-2024-11032 Parsi Date <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 | AI score 6.5 | EPSS 0.01411
Exploits: 0 | References: 4

Cvelist
added 2024/11/26 9:32 a.m. | 17 views

CVE-2024-11032 Parsi Date <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 | EPSS 0.01411
Exploits: 0 | References: 4

CVE
added 2024/11/26 9:32 a.m. | 47 views

CVE-2024-11032

CVE-2024-11032 : The Parsi Date WordPress plugin (versions ≤ 5.1.1) is vulnerable to a Reflected Cross-Site Scripting flaw caused by using add_query_arg without proper URL escaping. This allows unauthenticated attackers to inject arbitrary scripts into pages that run when a user is tricked into p...

CVSS 6.1 | AI score 6 | EPSS 0.01411
Exploits: 0 | References: 4

Cvelist
added 2024/11/26 8:31 a.m. | 12 views

CVE-2024-11119 BNE Gallery Extended <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode

The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00195
Exploits: 0 | References: 4

NVD
added 2024/11/26 8:15 a.m. | 15 views

CVE-2024-11202

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cmindsfreeguide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 | EPSS 0.02206
Exploits: 0 | References: 16

CVE
added 2024/11/26 7:31 a.m. | 62 views

CVE-2024-9504

CVE-2024-9504 affects the Booking calendar, Appointment Booking System plugin for WordPress, with an unauthenticated stored XSS via SVG uploads in versions up to 3.2.15 caused by inadequate input sanitization and output escaping. The vulnerability permits injection of script code that executes wh...

CVSS 7.2 | AI score 6.2 | EPSS 0.00658
Exploits: 0 | References: 3

NVD
added 2024/11/26 4:15 a.m. | 14 views

CVE-2024-11342

The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | EPSS 0.00302
Exploits: 0 | References: 4

Vulnrichment
added 2024/11/26 3:25 a.m. | 8 views

CVE-2024-11342 Skt NURCaptcha <= 3.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject...

CVSS 6.1 | AI score 6.7 | EPSS 0.00302
Exploits: 0 | References: 4

CVE
added 2024/11/26 3:25 a.m. | 57 views

CVE-2024-11342

CVE-2024-11342 pertains to the WordPress plugin Skt NURCaptcha. Affected versions: all up to and including 3.5.0. Root cause: missing/incorrect nonce validation in skt-nurc-admin.php, enabling Cross-Site Request Forgery. Impact: unauthenticated attackers could trick a site administrator into upda...

CVSS 6.1 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 4

Cvelist
added 2024/11/26 12:0 a.m. | 16 views

CVE-2024-53620

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

EPSS 0.00143
Exploits: 1 | References: 1

Vulnrichment
added 2024/11/26 12:0 a.m. | 13 views

CVE-2024-53620

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

AI score 5.7 | EPSS 0.00143
Exploits: 1 | References: 1

Vulnrichment
added 2024/11/25 12:0 a.m. | 17 views

CVE-2024-53599

A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 1