Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (26 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-23503 1 Wpmanageninja 1 Ninja Tables 2024-11-21 4.3 Medium
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6.
CVE-2023-51547 1 Wpmanageninja 1 Fluent Support 2024-11-21 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin: from n/a through 1.7.6.
CVE-2022-2559 1 Wpmanageninja 1 Fluent Support 2024-11-21 7.2 High
The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users
CVE-2022-2544 1 Wpmanageninja 1 Ninja Job Board 2024-11-21 7.5 High
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
CVE-2021-24900 1 Wpmanageninja 1 Ninja Tables 2024-11-21 4.8 Medium
The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2021-24528 1 Wpmanageninja 1 Fluentsmtp 2024-11-21 5.4 Medium
The FluentSMTP WordPress plugin before 2.0.1 does not sanitize parameters before storing the settings in the database, nor does the plugin escape the values before outputting them when viewing the SMTP settings set by this plugin, leading to a stored cross site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin's settings.