CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

5210 matches found

NVD•added 2024/05/02 5:15 p.m.•17 views

CVE-2024-3647

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00196EPSS

Exploits0References2

NVD•added 2024/05/02 5:15 p.m.•16 views

CVE-2024-3550

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.9AI score0.00254EPSS

Exploits0References6

NVD•added 2024/05/02 5:15 p.m.•10 views

CVE-2024-3489

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.4CVSS6AI score0.00803EPSS

Exploits0References2

NVD•added 2024/05/02 5:15 p.m.•11 views

CVE-2024-3338

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...

5.4CVSS4.3AI score0.00243EPSS

Exploits0References2

NVD•added 2024/05/02 5:15 p.m.•6 views

CVE-2024-3021

The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level acces...

4.4CVSS4.7AI score0.00473EPSS

Exploits0References3

NVD•added 2024/05/02 5:15 p.m.•12 views

CVE-2024-2345

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.0022EPSS

Exploits0References2

NVD•added 2024/05/02 5:15 p.m.•7 views

CVE-2024-2082

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6.3AI score0.01255EPSS

Exploits0References2

NVD•added 2024/05/02 5:15 p.m.•9 views

CVE-2024-1396

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00156EPSS

Exploits0References5

NVD•added 2024/05/02 5:15 p.m.•9 views

CVE-2024-0848

The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS6.3AI score0.01095EPSS

Exploits0References2

NVD•added 2024/05/02 5:15 p.m.•16 views

CVE-2023-6961

The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2CVSS6.2AI score0.01571EPSS

Exploits0References2

Cvelist•added 2024/05/02 4:57 p.m.•13 views

CVE-2024-3681 Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting

The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.1AI score0.01268EPSS

Exploits0References2

Vulnrichment•added 2024/05/02 4:57 p.m.•8 views

CVE-2024-3681 Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting

The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.1AI score0.01268EPSS

Exploits0References2

CVE•added 2024/05/02 4:57 p.m.•44 views

CVE-2024-3473

The CVE CVE-2024-3473 affects the WordPress plugin Header Footer Code Manager Pro. It is a Reflected Cross-Site Scripting vulnerability via the message parameter in all versions up to 1.0.16, caused by insufficient input sanitization and output escaping. Exploitation requires a user to click a cr...

6.1CVSS6.4AI score0.02533EPSS

Exploits0References2

Vulnrichment•added 2024/05/02 4:57 p.m.•11 views

CVE-2024-4097 Cost Calculator Builder Pro <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

7.2CVSS6.1AI score0.01647EPSS

Exploits0References2

Cvelist•added 2024/05/02 4:57 p.m.•17 views

CVE-2024-4097 Cost Calculator Builder Pro <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

7.2CVSS6.9AI score0.01647EPSS

Exploits0References2

Vulnrichment•added 2024/05/02 4:52 p.m.•9 views

CVE-2024-3340 Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6.1AI score0.0025EPSS

Exploits0References2

CVE•added 2024/05/02 4:52 p.m.•63 views

CVE-2024-3743

CVE-2024-3743 affects the Elementor Addon Elements plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets caused by insufficient input sanitization and output escaping. It affects...

6.4CVSS5.8AI score0.00228EPSS

Exploits0References7Affected Software1

CVE•added 2024/05/02 4:52 p.m.•57 views

CVE-2023-7030

The CVE-2023-7030 entry concerns the Collapse-O-Matic WordPress plugin (jquery-collapse-o-matic) with stored XSS via the plugin’s expand shortcode. Affected versions are all up to 1.8.5.5. The issue arises from insufficient input sanitization and output escaping of the tag attribute, enabling aut...

6.4CVSS5.7AI score0.00127EPSS

Exploits0References2

Vulnrichment•added 2024/05/02 4:52 p.m.•12 views

CVE-2023-7030

The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for...

6.4CVSS5.7AI score0.00127EPSS

Exploits0References2

Cvelist•added 2024/05/02 4:52 p.m.•18 views

CVE-2024-2751 Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exadinfoboxanimatingmaskstyle’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00168EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by