
5210 matches found

WPVulnDB
added 2024/06/13 12:0 a.m., 13 views

Heateor Social Login WordPress < 1.1.33 - Unauthenticated Stored Cross-Site Scripting

Description: The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.1, AI score 5.9, EPSS 0.00167
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/06/13 12:0 a.m., 13 views

CVE-2024-36647

A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under the Register a New Family page...

EPSS 0.00775
Exploits: 1, References: 1
NVD
added 2024/06/12 5:15 p.m., 12 views

CVE-2024-22855

A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter...

CVSS 5.4, EPSS 0.00169
Exploits: 1, References: 1
NVD
added 2024/06/12 10:15 a.m., 17 views

CVE-2024-2092

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4, EPSS 0.00323
Exploits: 0, References: 3
CVE
added 2024/06/12 12:0 a.m., 52 views

CVE-2024-22855

CVE-2024-22855 affects ITSS iMLog v1.307 in the User Maintenance section. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject a crafted payload into the Last Name parameter, enabling arbitrary web scripts or HTML execution. The issue stems from input handling ...

CVSS 5.4, AI score 5.6, EPSS 0.00169
Exploits: 1, References: 1, Affected Software: 1
WPVulnDB
added 2024/06/12 12:0 a.m., 16 views

12 Step Meeting List < 3.14.34 - Reflected Cross-Site Scripting

Description: The 12 Step Meeting List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.14.33 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

CVSS 7.1, AI score 6.3, EPSS 0.11514
Exploits: 0, References: 1
WPVulnDB
added 2024/06/12 12:0 a.m., 20 views

WP Time Slots Booking Form < 1.2.11 - Unauthenticated Stored Cross-Site Scripting

Description: The WP Time Slots Booking Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS 7.1, AI score 6, EPSS 0.00275
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/06/12 12:0 a.m., 18 views

CVE-2024-22855

A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter...

EPSS 0.00169
Exploits: 1, References: 1
NVD
added 2024/06/11 5:15 a.m., 17 views

CVE-2024-5530

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficie...

CVSS 6.4, EPSS 0.0036
Exploits: 0, References: 3
CVE
added 2024/06/11 4:32 a.m., 53 views

CVE-2024-5530

CVE-2024-5530 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg (formerly WooLentor) WordPress plugin. The vulnerability is a stored XSS via the WL: Product Horizontal Filter widget, caused by insufficient input sanitization and output escaping on user-supplied widget attributes....

CVSS 6.4, AI score 5.9, EPSS 0.0036
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2024/06/11 2:1 a.m., 48 views

CVE-2023-6745

CVE-2023-6745 concerns the WordPress plugin Custom Field Template. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s cpt shortcode in all versions up to 2.6.1, caused by insufficient input sanitization and output escaping on user-supplied post meta. Exploitation requires ...

CVSS 6.4, AI score 5.9, EPSS 0.00234
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB
added 2024/06/11 12:0 a.m., 10 views

Event Tickets with Ticket Scanner < 2.3.2 - Reflected Cross-Site Scripting

Description: The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 7.1, AI score 6.3, EPSS 0.00153
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2024/06/11 12:0 a.m., 10 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode

Description: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

CVSS 6.4, AI score 5.7, EPSS 0.00233
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2024/06/08 6:15 a.m., 15 views

CVE-2024-5613

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, EPSS 0.01684
Exploits: 0, References: 3
Cvelist
added 2024/06/08 5:44 a.m., 21 views

CVE-2024-5613 Formula <= 0.5.1 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action

The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1, EPSS 0.01684
Exploits: 0, References: 3
NVD
added 2024/06/08 3:15 a.m., 18 views

CVE-2024-5663

The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00225
Exploits: 0, References: 4
Github Security Blog
added 2024/06/07 7:37 p.m., 22 views

Cross-site scripting (XSS) vulnerability in Description metadata

Summary: Regardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. An XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the XSS...

CVSS 4.8, AI score 5.7, EPSS 0.00721
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2024/06/07 3:15 p.m., 23 views

CVE-2024-36773

A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php...

CVSS 4.8, AI score 5.7, EPSS 0.00113
Exploits: 1, References: 1
Cvelist
added 2024/06/07 2:9 p.m., 23 views

CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata

Formwork is a flat file-based Content Management System (CMS). An attacker requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...

CVSS 4.8, EPSS 0.00721
Exploits: 1, References: 3
Vulnrichment
added 2024/06/07 2:9 p.m., 13 views

CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata

Formwork is a flat file-based Content Management System (CMS). An attacker requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...

CVSS 4.8, AI score 7.2, EPSS 0.00721
Exploits: 1, References: 3