5210 matches found

Vulnrichment
added 2024/07/24 2:33 a.m., 8 views

CVE-2024-6753 Social Auto Poster <= 5.3.14 - Unauthenticated Stored Cross-Site Scripting

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpwautopostermapwordpressposttype' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it...

CVSS 7.2, AI score 6.1, EPSS 0.03942
Exploits 0, References 2

Veracode
added 2024/07/23 6:43 a.m., 12 views

Cross-Site Scripting (XSS)

boldgrid-editor is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization and output escaping affecting the boldgridcanvasimage AJAX endpoint. This allows attackers with Contributor-level access and above to inject arbitrary web scripts in pages tha...

CVSS 6.4, AI score 6.2, EPSS 0.03786
Exploits 1, References 7, Affected Software 1

Cvelist
added 2024/07/20 2:37 a.m., 14 views

CVE-2024-2337 Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonialsgrid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00162
Exploits 0, References 2

Vulnrichment
added 2024/07/20 2:37 a.m., 9 views

CVE-2024-2337 Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonialsgrid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 5.8, EPSS 0.00162
Exploits 0, References 2

CVE
added 2024/07/18 2:3 a.m., 19 views

CVE-2024-5964

CVE-2024-5964 (Zenon Lite theme) : WordPress Zenon Lite theme versions up to and including 1.9 are vulnerable to a stored XSS via the url parameter in the Button shortcode, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Contributor level or ...

CVSS 6.4, AI score 6, EPSS 0.00196
Exploits 0, References 2

Vulnrichment
added 2024/07/16 8:32 a.m., 18 views

CVE-2024-3587 Premium Portfolio Features for Phlox theme <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Grid Portfolios'

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVSS 6.4, AI score 5.8, EPSS 0.00233
Exploits 0, References 3

NVD
added 2024/07/12 10:15 p.m., 13 views

CVE-2024-5902

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it...

CVSS 7.2, EPSS 0.03505
Exploits 0, References 2

Cvelist
added 2024/07/12 12:46 p.m., 13 views

CVE-2024-6495 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00311
Exploits 0, References 2

CVE
added 2024/07/12 6:50 a.m., 46 views

CVE-2024-6588

CVE-2024-6588 concerns the PowerPress Podcasting plugin for WordPress. The vulnerability is a Reflected Cross-Site Scripting flaw in the media_url parameter present in all versions up to and including 11.9.10, caused by insufficient input sanitization and output escaping. It enables unauthenticat...

CVSS 6.4, AI score 6.3, EPSS 0.00576
Exploits 0, References 4

Vulnrichment
added 2024/07/12 6:50 a.m., 10 views

CVE-2024-6588 PowerPress Podcasting plugin by Blubrry <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.4, AI score 6.4, EPSS 0.00576
Exploits 0, References 4

NVD
added 2024/07/11 12:15 a.m., 19 views

CVE-2024-6447

The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related...

CVSS 7.2, EPSS 0.01659
Exploits 0, References 4

CNVD
added 2024/07/11 12:0 a.m., 7 views

Z-BlogPHP cross-site scripting vulnerability (CNVD-2024-32984)

Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. Z-BlogPHP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload...

CVSS 6.1, AI score 6.3, EPSS 0.08283
Exploits 1, References 1

Vulnrichment
added 2024/07/10 7:36 a.m., 10 views

CVE-2023-6813 Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle

The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1, AI score 6.5, EPSS 0.03505
Exploits 0, References 2

Vulnrichment
added 2024/07/10 2:2 a.m., 12 views

CVE-2024-4866 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets

The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input...

CVSS 6.4, AI score 6.1, EPSS 0.0048
Exploits 0, References 7

NVD
added 2024/07/09 6:15 p.m., 14 views

CVE-2024-40740

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/id/edit/...

CVSS 7.1, EPSS 0.00092
Exploits 1, References 1

NVD
added 2024/07/09 6:15 p.m., 27 views

CVE-2024-40737

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add...

CVSS 6.1, EPSS 0.00313
Exploits 1, References 1

OSV
added 2024/07/09 6:15 p.m., 11 views

CVE-2024-40740

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/id/edit/...

CVSS 6.1, AI score 5.7
Exploits 0, References 1

OSV
added 2024/07/09 6:15 p.m., 9 views

CVE-2024-40742

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add...

CVSS 6.1, AI score 5.7
Exploits 0, References 1

NVD
added 2024/07/09 6:15 p.m., 12 views

CVE-2024-40739

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...

CVSS 6.1, EPSS 0.00142
Exploits 1, References 1

NVD
added 2024/07/09 6:15 p.m., 16 views

CVE-2024-40729

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/...

CVSS 7.1, EPSS 0.00282
Exploits 1, References 1