Export limit exceeded: 364989 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364989 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13619 | 1 Lifterlms | 1 Lifterlms | 2025-06-10 | 6.1 Medium |
| The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13621 | 1 Data443 | 1 Gdpr Framework | 2025-06-10 | 4.8 Medium |
| The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13727 | 1 Memberspace | 1 Memberspace | 2025-06-10 | 6.1 Medium |
| The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | ||||
| CVE-2024-13823 | 1 Yofla | 1 360 Product Rotation | 2025-06-10 | 6.1 Medium |
| The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | ||||
| CVE-2024-13828 | 1 Danielpowney | 1 Badgearoo | 2025-06-10 | 6.1 Medium |
| The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12770 | 1 Technowich | 1 Wp Ulike | 2025-06-10 | 4.8 Medium |
| The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-12800 | 1 Brijeshk89 | 1 Ip Based Login | 2025-06-10 | 4.8 Medium |
| The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-37262 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-10 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.2. | ||||
| CVE-2023-39992 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions. | ||||
| CVE-2024-12808 | 1 Wedevs | 1 Wp Erp | 2025-06-10 | 4.8 Medium |
| The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13313 | 1 Aweber | 1 Aweber | 2025-06-10 | 4.8 Medium |
| The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-3345 | 1 Themegrill | 1 Masteriyo | 2025-06-10 | 6.5 Medium |
| The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students | ||||
| CVE-2024-12743 | 1 Automattic | 1 Mailpoet | 2025-06-10 | 4.8 Medium |
| The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-4653 | 1 Wpsoul | 1 Greenshift | 2025-06-10 | 5.4 Medium |
| The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | ||||
| CVE-2023-0378 | 1 Wpsoul | 1 Greenshift | 2025-06-10 | 6.8 Medium |
| The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-22707 | 1 Wpsoul | 1 Greenshift | 2025-06-10 | 5.9 Medium |
| Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin <= 4.9.9 versions. | ||||
| CVE-2025-5945 | 2025-06-10 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-45479 | 1 Apache | 1 Ranger | 2025-06-10 | 9.1 Critical |
| SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. | ||||
| CVE-2024-45478 | 1 Apache | 1 Ranger | 2025-06-10 | 4.8 Medium |
| Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. | ||||
| CVE-2024-2318 | 1 Zkteco | 1 Zkbio Media | 2025-06-10 | 4.3 Medium |
| A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component. | ||||