Export limit exceeded: 11789 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11789 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31257 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS.This issue affects Formsite | Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6. | ||||
| CVE-2024-29910 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2. | ||||
| CVE-2023-28165 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28. | ||||
| CVE-2024-32080 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS.This issue affects Search Keyword Redirect: from n/a through 1.0. | ||||
| CVE-2024-29143 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS.This issue affects Passwordless Login: from n/a through 1.1.2. | ||||
| CVE-2023-48753 | 2 10up, Wordpress | 2 Restricted Site Access, Wordpress | 2025-07-12 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through 7.4.1. | ||||
| CVE-2023-49839 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme (core plugin), KlbTheme Medibazar theme (core plugin), KlbTheme Furnob theme (core plugin), KlbTheme Clotya theme (core plugin) allows Reflected XSS.This issue affects Cosmetsy theme (core plugin): from n/a through 1.3.0; Partdo theme (core plugin): from n/a through 1.0.9; Bacola theme (core plugin): from n/a through 1.3.3; Medibazar theme (core plugin): from n/a through 1.2.3; Furnob theme (core plugin): from n/a through 1.1.7; Clotya theme (core plugin): from n/a through 1.1.5. | ||||
| CVE-2023-28416 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5. | ||||
| CVE-2024-37931 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery.This issue affects Point: from n/a through 1.1. | ||||
| CVE-2023-39995 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7. | ||||
| CVE-2024-38695 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6. | ||||
| CVE-2023-27625 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0. | ||||
| CVE-2024-32570 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.0. | ||||
| CVE-2024-34416 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1. | ||||
| CVE-2023-48763 | 2 Crocoblock, Wordpress | 2 Jetformbuilder, Wordpress | 2025-07-12 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4. | ||||
| CVE-2024-24719 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. | ||||
| CVE-2024-11093 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.5 Medium |
| The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-32955 | 2 Foliovision, Wordpress | 2 Fv Flowplayer Video Player, Wordpress | 2025-07-12 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212. | ||||
| CVE-2024-29140 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic allows Stored XSS.This issue affects MJM Clinic: from n/a through 1.1.22. | ||||
| CVE-2024-30452 | 2 Pluginops, Wordpress | 2 Landing Page Builder, Wordpress | 2025-07-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Stored XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.7. | ||||