Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364840 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34643 | 1 Skaut-bazar Project | 1 Skaut-bazar | 2025-05-05 | 6.1 Medium |
| The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. | ||||
| CVE-2023-7246 | 1 Bowo | 1 System Dashboard | 2025-05-05 | 5.4 Medium |
| The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks | ||||
| CVE-2021-34644 | 1 Multiplayer-plugin Project | 1 Multiplayer-plugin | 2025-05-05 | 6.1 Medium |
| The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7. | ||||
| CVE-2021-34642 | 1 Followistic | 1 Smart Email Alerts | 2025-05-05 | 6.1 Medium |
| The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10. | ||||
| CVE-2024-0337 | 1 Travelpayouts | 1 Travelpayouts | 2025-05-05 | 6.1 Medium |
| The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2021-34652 | 1 Meowapps | 1 Media Usage | 2025-05-05 | 6.1 Medium |
| The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | ||||
| CVE-2021-34649 | 1 Simple-behace-portfolio Project | 1 Simple-behace-portfolio | 2025-05-05 | 6.1 Medium |
| The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. | ||||
| CVE-2021-34653 | 1 Wp Fountain Project | 1 Wp Fountain | 2025-05-05 | 6.1 Medium |
| The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9. | ||||
| CVE-2021-34654 | 1 Custom Post Type Relations Project | 1 Custom Post Type Relations | 2025-05-05 | 6.1 Medium |
| The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2024-0856 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-05-05 | 8.8 High |
| The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. | ||||
| CVE-2024-1983 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-05-05 | 7.1 High |
| The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. | ||||
| CVE-2021-34651 | 1 Scribblemaps | 1 Scribble Maps | 2025-05-05 | 6.1 Medium |
| The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | ||||
| CVE-2021-34656 | 1 Videowhisper | 1 2way Videocalls And Random Chat | 2025-05-05 | 6.1 Medium |
| The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | ||||
| CVE-2021-34657 | 1 Typofr Project | 1 Typofr | 2025-05-05 | 6.1 Medium |
| The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11. | ||||
| CVE-2021-34666 | 1 Add Sidebar Project | 1 Add Sidebar | 2025-05-05 | 6.1 Medium |
| The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0. | ||||
| CVE-2021-34667 | 1 Calendar Plugin Project | 1 Calendar Plugin | 2025-05-05 | 6.1 Medium |
| The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2021-34641 | 1 Seopress | 1 Seopress | 2025-05-05 | 6.4 Medium |
| The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3. | ||||
| CVE-2022-43351 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 6.5 Medium |
| Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | ||||
| CVE-2022-43350 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 7.2 High |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | ||||
| CVE-2022-43319 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2025-05-05 | 7.5 High |
| An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. | ||||