Export limit exceeded: 341173 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341173 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47650 | 2 Axton, Wordpress | 2 Wp-webauthn, Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS.This issue affects WP-WebAuthn: from n/a through 1.3.1. | ||||
| CVE-2024-53714 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Continue Shopping From Cart allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through 1.3. | ||||
| CVE-2025-30986 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5. | ||||
| CVE-2024-31376 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.3.1. | ||||
| CVE-2024-11901 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.4 Medium |
| The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-47605 | 1 Silverstripe | 2 Asset Admin, Framework | 2025-07-12 | 5.4 Medium |
| silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-34760 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6. | ||||
| CVE-2025-23830 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jobair JB Horizontal Scroller News Ticker allows DOM-Based XSS.This issue affects JB Horizontal Scroller News Ticker: from n/a through 1.0. | ||||
| CVE-2024-4462 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.4 Medium |
| The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-32279 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Shahjada Live Forms. This issue affects Live Forms: from n/a through 4.8.5. | ||||
| CVE-2024-51636 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS). This issue affects GMO Social Connection: from n/a through 1.2. | ||||
| CVE-2025-30553 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Z.com byGMO GMO Font Agent allows Stored XSS. This issue affects GMO Font Agent: from n/a through 1.6. | ||||
| CVE-2025-1228 | 1 Olajowon | 1 Loggrove | 2025-07-12 | 4.3 Medium |
| A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-37181 | 1 Intel | 1 Neural Compressor Software | 2025-07-12 | 2.6 Low |
| Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2024-13376 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-32529 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iONE360 iONE360 configurator allows Reflected XSS. This issue affects iONE360 configurator: from n/a through 2.0.56. | ||||
| CVE-2024-51810 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Lewe Lewe Bootstrap Visuals allows Stored XSS.This issue affects Lewe Bootstrap Visuals: from n/a through 2.2.2. | ||||
| CVE-2024-25917 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1. | ||||
| CVE-2025-46523 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers allows Stored XSS. This issue affects COVID-19 (Coronavirus) Update Your Customers: from n/a through 1.5.1. | ||||
| CVE-2024-34549 | 2 Automattic, Wordpress | 2 Wp Job Manager, Wordpress | 2025-07-12 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.2.2. | ||||