CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/10/04 2:4 a.m.•7 views

CVE-2024-9384 Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting

The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attacker...

6.1CVSS6.4AI score0.01829EPSS

CVE•added 2024/10/04 2:4 a.m.•38 views

CVE-2024-9421

CVE-2024-9421 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Login Logout Shortcode. The issue affects versions up to and including 1.1.0 and arises from insufficient input sanitization and output escaping in the plugin’s handling of the class parameter. An at...

6.4CVSS5.5AI score0.00233EPSS

CVE•added 2024/10/04 2:4 a.m.•39 views

CVE-2024-9349

CVE-2024-9349 affects the WordPress plugin “Auto Amazon Links – Amazon Associates Affiliate Plugin” and is a reflected Cross-Site Scripting (XSS) vulnerability in how add_query_arg is used without proper escaping. It impacts all versions up to and including 5.4.2. Exploitation requires user inter...

6.1CVSS6.2AI score0.02325EPSS

Cvelist•added 2024/10/04 2:4 a.m.•9 views

CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting

The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...

Vulnrichment•added 2024/10/04 2:4 a.m.•8 views

CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting

6.1CVSS6.4AI score0.01684EPSS

Vulnrichment•added 2024/10/04 2:4 a.m.•21 views

CVE-2024-9345 Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting

The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.4AI score0.01684EPSS

Cvelist•added 2024/10/04 2:4 a.m.•15 views

CVE-2024-9345 Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting

Cvelist•added 2024/10/04 2:4 a.m.•16 views

CVE-2024-8802 Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting

The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.02325EPSS

Vulnrichment•added 2024/10/04 2:4 a.m.•7 views

CVE-2024-8802 Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting

6.1CVSS6.4AI score0.02325EPSS

Exploits0References2

Cvelist•added 2024/10/04 12:0 a.m.•15 views

CVE-2024-46409

A stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page...

0.00151EPSS

Exploits2References2

NVD•added 2024/10/02 9:15 a.m.•10 views

CVE-2024-9378

The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS0.01256EPSS

NVD•added 2024/10/02 9:15 a.m.•9 views

CVE-2024-9218

The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including,...

CVE•added 2024/10/02 8:31 a.m.•47 views

CVE-2024-9218

CVE-2024-9218 affects the WordPress plugin Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid. It is a Reflected Cross-Site Scripting vulnerability caused by improper escaping of URLs when using add_query_arg in versions up to and incl...

6.1CVSS6.3AI score0.01684EPSS

Cvelist•added 2024/10/02 8:31 a.m.•16 views

CVE-2024-9378 YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting

6.1CVSS0.01256EPSS

CVE•added 2024/10/02 8:31 a.m.•41 views

CVE-2024-9378

CVE-2024-9378 : YML for Yandex Market plugin for WordPress, versions up to and including 4.7.2, is vulnerable to Reflected XSS via the page parameter due to insufficient input sanitization/escaping. Exploitation requires user interaction (tricking a user into clicking a link). The issue affects t...

6.1CVSS6.2AI score0.01256EPSS

Cvelist•added 2024/10/02 8:31 a.m.•23 views

CVE-2024-9344 BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript <= 2.1.1 - Reflected Cross-Site Scripting

The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input...