Export limit exceeded: 351327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45999 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57776 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57774 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57773 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57771 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57772 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-12587 | 1 Edmonparker | 1 Contact Form Master | 2025-05-17 | 6.1 Medium |
| The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12715 | 1 Outself | 1 Asgard Security Scanner | 2025-05-17 | 6.1 Medium |
| The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12714 | 1 Syedfakharabbas | 1 Backlink Monitoring Manager | 2025-05-17 | 6.1 Medium |
| The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-10568 | 1 Wp-dreams | 1 Ajax Search | 2025-05-17 | 4.7 Medium |
| The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10518 | 1 Properfraction | 1 Profilepress | 2025-05-17 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10517 | 1 Properfraction | 1 Profilepress | 2025-05-17 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-11841 | 1 Jordangillman | 1 Tithe.ly Giving Button | 2025-05-17 | 5.4 Medium |
| The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-7313 | 1 Getshieldsecurity | 1 Shield Security | 2025-05-17 | 6.1 Medium |
| The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-6879 | 1 Expresstech | 1 Quiz And Survey Master | 2025-05-17 | 4.7 Medium |
| The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2024-3282 | 1 Wptablebuilder | 1 Wp Table Builder | 2025-05-17 | 4.8 Medium |
| The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-11107 | 1 Bowo | 1 System Dashboard | 2025-05-17 | 6.1 Medium |
| The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | ||||
| CVE-2024-10893 | 1 Wpbookingcalendar | 1 Wp Booking Calendar | 2025-05-17 | 4.8 Medium |
| The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-9934 | 2 Aueda, Silkypress | 2 Wp-imagezoom, Wp Image Zoom | 2025-05-17 | 6.1 Medium |
| The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-5429 | 1 Logichunt | 1 Logo Slider | 2025-05-17 | 7.6 High |
| The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-7891 | 2 Christoph Nagel, Just-a-web-developer | 2 Floating Contact Button, Floating Contact Button | 2025-05-16 | 4.8 Medium |
| The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||