7 matches found

Patchstack
added 2025/07/16 7:41 a.m., 4 views

WordPress Affiliate Reviews plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via numColumns Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Affiliate Reviews versions <= 1.0.6...

CVSS 6.4 | AI score 5.7 | EPSS 0.00203
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/04/01 3:49 p.m., 3 views

WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin pCloud Backup versions <= 1.0.1...

CVSS 4.3 | AI score 8.5 | EPSS 0.00341
Exploits: 0 | Affected Software: 1
Cvelist
added 2024/10/26 2:31 a.m., 17 views

CVE-2024-10091 ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00196
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/15 2:3 a.m., 12 views

CVE-2024-9687 WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validatetg' action. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 8.8 | AI score 8.5 | EPSS 0.00152
Exploits: 0 | References: 2
Cvelist
added 2024/08/01 9:29 a.m., 13 views

CVE-2024-6346 Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via redirectURL Parameter of Date Countdown Widget

The Gutenberg Blocks, Page Builder – ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 | EPSS 0.00254
Exploits: 0 | References: 3
WPVulnDB
added 2024/04/23 12:0 a.m., 11 views

Mega Addons For Elementor < 1.9 - Missing Authorization

Description: The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

CVSS 5.4 | AI score 5.4 | EPSS 0.00107
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/11/22 4:15 p.m., 11 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 4 | AI score 6.6 | EPSS 0.00111
Exploits: 0 | References: 2 | Affected Software: 1