Export limit exceeded: 341845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29093 | 1 Motivian | 1 Content Management System | 2025-06-11 | 8.2 High |
| File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component. | ||||
| CVE-2025-29094 | 1 Motivian | 1 Content Management System | 2025-06-11 | 6.1 Medium |
| Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components. | ||||
| CVE-2023-6561 | 1 Fifu | 1 Featured Image From Url | 2025-06-11 | 6.4 Medium |
| The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-3836 | 1 Seedwebs | 1 Seed Social | 2025-06-11 | 4.8 Medium |
| The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-1617 | 1 Usabilitydynamics | 1 Wp-invoice | 2025-06-11 | 6.1 Medium |
| The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them | ||||
| CVE-2023-50166 | 1 Pega | 1 Platform | 2025-06-11 | 6.1 Medium |
| Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | ||||
| CVE-2024-12722 | 1 Mohsinrasool | 1 Twitter Bootstrap Collapse Aka Accordian Shortcode | 2025-06-11 | 5.4 Medium |
| The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-12724 | 1 Codeflock | 1 Wp Desklite | 2025-06-11 | 6.1 Medium |
| The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12725 | 1 Smartdatasoft | 1 Clasify Classified Listing | 2025-06-11 | 6.1 Medium |
| The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12726 | 1 Takien | 1 Clipart | 2025-06-11 | 6.1 Medium |
| The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-7204 | 1 Wp-staging | 1 Wp Staging | 2025-06-11 | 7.5 High |
| The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides | ||||
| CVE-2023-6991 | 1 Surniaulula | 1 Jsm File Get Contents\(\) Shortcode | 2025-06-11 | 8.8 High |
| The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks. | ||||
| CVE-2023-6946 | 1 Unalignedcode | 1 Autotitle | 2025-06-11 | 8.8 High |
| The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2023-6824 | 1 Marvinlabs | 1 Wp Customer Area | 2025-06-11 | 6.5 Medium |
| The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities in some of its AJAX actions, allowing any users to retrieve other user's account address. | ||||
| CVE-2023-6623 | 1 Wpdeveloper | 1 Essential Blocks | 2025-06-11 | 9.8 Critical |
| The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. | ||||
| CVE-2023-6456 | 1 Ljapps | 1 Wp Review Slider | 2025-06-11 | 4.8 Medium |
| The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-6384 | 1 Wp-eventmanager | 1 User Profile Avatar | 2025-06-11 | 4.3 Medium |
| The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar | ||||
| CVE-2023-6373 | 1 Artplacer | 1 Artplacer Widget | 2025-06-11 | 8.8 High |
| The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above) | ||||
| CVE-2023-6340 | 1 Sonicwall | 2 Capture Client, Netextender | 2025-06-11 | 5.5 Medium |
| SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. | ||||
| CVE-2023-6271 | 1 Backupbliss | 1 Backup Migration | 2025-06-11 | 7.5 High |
| The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. | ||||