Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (27 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2023-25992 1 Cminds 1 Cm Answers 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions.
CVE-2024-5004 1 Cminds 1 Cm Popup 2024-11-21 4.8 Medium
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2021-24678 1 Cminds 1 Tooltip Glossary 2024-11-21 5.4 Medium
The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scripting attacks
CVE-2020-27344 1 Cminds 1 Cm Download Manager 2024-11-21 6.1 Medium
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.
CVE-2020-24146 1 Cminds 1 Cm Download Manager 2024-11-21 8.1 High
Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action.
CVE-2020-24145 1 Cminds 1 Cm Download Manager 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.
CVE-2024-5799 2 Cminds, Creativemindssolutions 2 Cm Popup, Cm Pop-up Banners 2024-09-26 4.8 Medium
The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.