5210 matches found

CVE
added 2024/05/09 8:3 p.m. | 81 views

CVE-2024-3916

CVE-2024-3916 concerns the Swift Framework WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in several plugin shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. It affects all versions up to and including 2.7.31. The impact...

CVSS 6.4 | AI score 7.7 | EPSS 0.00196
Exploits 0 | References 2

Cvelist
added 2024/05/09 8:3 p.m. | 17 views

CVE-2024-3952 Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 6 | EPSS 0.00174
Exploits 0 | References 3

Cvelist
added 2024/05/09 8:3 p.m. | 31 views

CVE-2024-4041 Yoast SEO <= 22.5 - Reflected Cross-Site Scripting

The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 6.1 | AI score 6.4 | EPSS 0.05515
Exploits 2 | References 6

CVE
added 2024/05/09 8:3 p.m. | 66 views

CVE-2024-1166

CVE-2024-1166 corresponds to the Image Hover Effects – Elementor Addon for WordPress. The vulnerability is a Stored Cross-Site Scripting in the Image Hover Effects Widget due to insufficient input sanitization and output escaping. Affected versions are all up to 1.4.1. Exploitation requires authe...

CVSS 6.4 | AI score 5.7 | EPSS 0.00082
Exploits 0 | References 2

CVE
added 2024/05/09 8:3 p.m. | 67 views

CVE-2024-4158

CVE-2024-4158: Blocksy Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the tagName parameter in Blocksy versions up to 2.0.42 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher; successful inje...

CVSS 6.4 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 2 | Affected Software 1

CVE
added 2024/05/09 8:3 p.m. | 56 views

CVE-2024-4150

The CVE-2024-4150 issue affects the WordPress plugin Simple Basic Contact Form, up to version 20221201. It enables Reflected Cross-Site Scripting via the scf_email parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts in pages e...

CVSS 6.1 | AI score 8.4 | EPSS 0.01641
Exploits 0 | References 3

CVE
added 2024/05/09 8:3 p.m. | 100 views

CVE-2024-4107

Technical details about CVE-2024-4107 are not publicly provided in the supplied documents. Monitoring for updates is recommended.

CVSS 6.4 | AI score 5.7 | EPSS 0.00184
Exploits 1 | References 2 | Affected Software 1

WPVulnDB
added 2024/05/07 12:0 a.m. | 10 views

Custom Field Suite < 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Description: The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfsfieldsname' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.8 | AI score 5.9 | EPSS 0.005
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/05/07 12:0 a.m. | 16 views

Realtyna Organic IDX plugin < 4.14.8 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 6.4 | EPSS 0.00084
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/05/07 12:0 a.m. | 16 views

Popup box < 4.1.3 - Cross-Site Request Forgery

Description: The Popup box plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged...

CVSS 7.1 | AI score 6.4 | EPSS 0.00136
Exploits 0 | References 1 | Affected Software 1

CVE
added 2024/05/06 11:3 a.m. | 50 views

CVE-2023-6854

CVE-2023-6854 affects the Breakdance WordPress plugin, enabling Stored XSS via the plugin’s custom postmeta output in all versions up to 1.7.0. The root cause is insufficient input sanitization and output escaping on user-supplied post meta fields, allowing authenticated attackers with contributo...

CVSS 6.4 | AI score 5.7 | EPSS 0.00127
Exploits 0 | References 2

Cvelist
added 2024/05/06 11:3 a.m. | 11 views

CVE-2023-6854 Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticat...

CVSS 6.4 | AI score 6.3 | EPSS 0.00127
Exploits 0 | References 2

Debian CVE
added 2024/05/03 5:32 a.m. | 66 views

CVE-2024-4439

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVSS 7.2 | AI score 6.1 | EPSS 0.90583
Exploits 4

Cvelist
added 2024/05/03 12:0 a.m. | 10 views

CVE-2024-33791

A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function...

AI score 5.7 | EPSS 0.00251
Exploits 1 | References 1

CVE
added 2024/05/03 12:0 a.m. | 49 views

CVE-2024-33791

CVE-2024-33791 concerns a cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06. Multiple sources (NVD, Red Hat, CVE listings, CNNVD, PT-Security, etc.) confirm an XSS flaw allowing an attacker to execute arbitrary web scripts or HTML via a crafted payload in the getTimeZone f...

CVSS 4.6 | AI score 5.8 | EPSS 0.00251
Exploits 1 | References 1 | Affected Software 1

CVE
added 2024/05/03 12:0 a.m. | 72 views

CVE-2024-33793

CVE-2024-33793 affects netis-systems MEX605 v2.00.06. A crafted payload to the device’s ping test page allows attackers to execute arbitrary OS commands. Documented impact is arbitrary command execution with local attack vector, low privileges, no user interaction. No explicit exploitation detail...

CVSS 5.3 | AI score 7.7 | EPSS 0.00122
Exploits 1 | References 1 | Affected Software 1

NVD
added 2024/05/02 5:15 p.m. | 7 views

CVE-2024-4097

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS 7.2 | AI score 6.5 | EPSS 0.01647
Exploits 0 | References 2

NVD
added 2024/05/02 5:15 p.m. | 10 views

CVE-2024-3885

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 6.4 | AI score 5.7 | EPSS 0.00214
Exploits 0 | References 2

NVD
added 2024/05/02 5:15 p.m. | 12 views

CVE-2024-3715

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2 | AI score 6.2 | EPSS 0.0332
Exploits 0 | References 2

NVD
added 2024/05/02 5:15 p.m. | 9 views

CVE-2024-3681

The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.01268
Exploits 0 | References 2