Export limit exceeded: 346990 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45615 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45615 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2936 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-02-07 | 6.4 Medium |
| The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | ||||
| CVE-2022-2935 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-02-07 | 6.4 Medium |
| The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | ||||
| CVE-2022-4022 | 1 Benbodhi | 1 Svg Support | 2025-02-07 | 6.4 Medium |
| The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious javascript are not sanitized. While version 2.5 adds the ability to sanitize image as they are uploaded, the plugin defaults to disable sanitization and does not restrict SVG upload to only administrators. This allows authenticated attackers, with author-level privileges and higher, to upload malicious SVG files that can be embedded in posts and pages by higher privileged users. Additionally, the embedded JavaScript is also triggered on visiting the image URL, which allows an attacker to execute malicious code in browsers visiting that URL. | ||||
| CVE-2024-36371 | 1 Jetbrains | 1 Teamcity | 2025-02-07 | 4.6 Medium |
| In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible | ||||
| CVE-2019-15116 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | 6.1 Medium |
| The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging. | ||||
| CVE-2015-9520 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Per Product Emails | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9521 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Pushover Notifications | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9522 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Qr Code | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9523 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Recommended Products | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9524 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Recount Earnings | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9525 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Recurring Payments | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9526 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Reviews | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9527 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Simple Shipping | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9528 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Software Licensing | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9529 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Stripe | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9530 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Upload File | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9531 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Wish Lists | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9532 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Digital Store | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9533 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Lattice | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||
| CVE-2015-9534 | 2 Awesomemotive, Easydigitaldownloads | 2 Easy Digital Downloads, Quota | 2025-02-07 | 6.1 Medium |
| The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. | ||||