CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

261440 matches found

WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting

A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...

4.3CVSS5.4AI score0.06071EPSS

Exploits3References4

Nuclei•added 15 hours ago•20 views

GRAND FlAGallery 1.57 - Cross-Site Scripting

A cross-site scripting XSS vulnerability in facebook.php in the GRAND FlAGallery plugin flash-album-gallery before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. id: CVE-2011-4624 info: name: GRAND FlAGallery 1.57 - Cross-Site Scripting...

4.3CVSS5.4AI score0.045EPSS

Exploits1References5

Nuclei•added 15 hours ago•17 views

Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. id: CVE-2017-18558 info: name: Testimonials by BestWebSoft 0.1.9 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS...

6.1CVSS6.2AI score0.00097EPSS

Exploits1References4

Nuclei•added 15 hours ago•16 views

Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting

The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. id: CVE-2017-18562 info: name: Error Log Viewer by BestWebSoft 1.0.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS...

6.1CVSS6.2AI score0.00097EPSS

Exploits1References4

Nuclei•added 15 hours ago•16 views

PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting

The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18529 info: name: PromoBar by BestWebSoft 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.2AI score0.00059EPSS

Exploits1References4

Nuclei•added 15 hours ago•61 views

WordPress Site Editor <=1.1.1 - Local File Inclusion

WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php. id: CVE-2018-7422 info: name: WordPress Site Editor =1.1.1 - Local File Inclusion author: LuskaBol,0x240x23elu...

7.5CVSS7.4AI score0.89611EPSS

Exploits7References5

Nuclei•added 15 hours ago•16 views

WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2011-5106 info: name: WordPress Plugin Flexible Custom Post Type 0.1.7 - Cross-Site...

4.3CVSS5.4AI score0.00989EPSS

Exploits1References5

Nuclei•added 15 hours ago•28 views

WordPress Sniplets 1.1.2 - Local File Inclusion

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. id: CVE-2008-1059 info: name: WordPress Sniplets 1.1.2 - Local File Inclusion autho...

7.5CVSS6AI score0.00195EPSS

Exploits2References5

Nuclei•added 15 hours ago•29 views

WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload

WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the...

9.8CVSS8.3AI score0.67997EPSS

Exploits3References6

Nuclei•added 15 hours ago•29 views

WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting

WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute. id: CVE-2021-24276 info: name: WordPress Supsystic Contact Form 1.7.15 - Cross-Site Scripting autho...

6.1CVSS6AI score0.08366EPSS

Exploits5References5

Nuclei•added 15 hours ago•44 views

WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discountcode in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS8AI score0.7752EPSS

Exploits2References5

Nuclei•added 15 hours ago•17 views

SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. id: CVE-2024-6846 info: name: SmartSearchWP = 2.4.4 - Unauthenticated Log Purge author: s4e-io severity: medium description: | Th...

5.3CVSS5.5AI score0.06306EPSS

Exploits1References2

Nuclei•added 15 hours ago•27 views

WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting

WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page. id:...

6.1CVSS6.2AI score0.04389EPSS

Exploits2References5

Nuclei•added 15 hours ago•27 views

HTML Email Template Designer < 3.1 - Missing Authorization on Rest Route

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS6.7AI score0.50353EPSS

Exploits3References5

Nuclei•added 15 hours ago•22 views

LearnPress <4.1.6 - Cross-Site Scripting

WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action. id: CVE-2022-0271 info: name: LearnPress 4.1.6 - Cross-Site Scripting author:...

6.1CVSS6AI score0.04159EPSS

Exploits2References5

Nuclei•added 15 hours ago•17 views

WordPress Permalink Manager <2.2.15 - Cross-Site Scripting

WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page. id: CVE-2022-0201 info: name: WordPress Permalink Manager 2.2.15 - Cross-Site...

6.1CVSS6AI score0.17941EPSS

Exploits2References4

Nuclei•added 15 hours ago•25 views

WordPress Visual Form Builder <3.0.8 - Information Disclosure

WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint. id: CVE-2022-0140 info: name:...

5.3CVSS5.9AI score0.12187EPSS

Exploits1References5

Nuclei•added 15 hours ago•30 views

WordPress White Label CMS <2.2.9 - Cross-Site Scripting

WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcmslogincustomjs parameter before outputting it back in the response while previewing. id: CVE-2022-0422 info: name: WordPress White Label CMS 2.2.9 -...

6.1CVSS6AI score0.08413EPSS

Exploits2References5

Nuclei•added 15 hours ago•30 views

WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request id: CVE-2022-1595 info: name: WordPress HC Custom WP-Admin URL =1.5 to mitigate the vulnerability. reference: -...

5.3CVSS5.9AI score0.28084EPSS

Exploits2References3

Nuclei•added 15 hours ago•25 views

WordPress Videos sync PDF <=1.7.4 - Local File Inclusion

WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. id: CVE-2022-1392 info: name: WordPress Videos sync PDF =1.7.5 or apply the vendor-provided patch to mitigate the vulnerability. reference...

7.5CVSS7.2AI score0.50891EPSS

Exploits2References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by