Export limit exceeded: 341651 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5488 | 1 Seopress | 1 Seopress | 2025-05-21 | 9.8 Critical |
| The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. | ||||
| CVE-2024-3410 | 1 Digireturn | 1 Footer Contacts Bar | 2025-05-21 | 4.3 Medium |
| The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-4057 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-21 | 6.1 Medium |
| The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-0757 | 1 Elearningfreak | 1 Insert Or Embed Articulate Content | 2025-05-21 | 5.4 Medium |
| The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files | ||||
| CVE-2024-4469 | 1 Wp-staging | 1 Wp Staging | 2025-05-21 | 7.5 High |
| The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. | ||||
| CVE-2024-3937 | 1 Info-d-74 | 1 Playlist For Youtube | 2025-05-21 | 4.8 Medium |
| The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3921 | 1 Takahashifumiki | 1 Gianism | 2025-05-21 | 4.8 Medium |
| The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3050 | 1 Geminilabs | 1 Site Reviews | 2025-05-21 | 9.1 Critical |
| The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking | ||||
| CVE-2024-3939 | 1 Metaphorcreations | 1 Ditty | 2025-05-21 | 5.4 Medium |
| The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3920 | 1 Flattr | 1 Flattr | 2025-05-21 | 3.5 Low |
| The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3918 | 1 Dianakcury | 1 Pet Manager | 2025-05-21 | 4.8 Medium |
| The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-3917 | 1 Dianakcury | 1 Pet Manager | 2025-05-21 | 6.1 Medium |
| The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-3594 | 1 Themeatelier | 1 Idonate | 2025-05-21 | 8.7 High |
| The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-4290 | 2 Jontasc, Jontascher | 2 Sailthru Triggermail, Sailthru Triggermail | 2025-05-21 | 7.1 High |
| The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-4289 | 1 Jontasc | 1 Sailthru Triggermail | 2025-05-21 | 6.1 Medium |
| The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-13119 | 1 Properfraction | 1 Profilepress | 2025-05-21 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-2189 | 1 Wpzoom | 1 Social Icons Widget | 2025-05-21 | 6.1 Medium |
| The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3368 | 1 Aioseo | 1 All In One Seo | 2025-05-21 | 6.1 Medium |
| The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2744 | 1 Imagely | 1 Nextgen Gallery | 2025-05-21 | 4.3 Medium |
| The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-13120 | 1 Properfraction | 1 Profilepress | 2025-05-21 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||