Search Results (332362 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0337 | 1 Travelpayouts | 1 Travelpayouts | 2025-05-05 | 6.1 Medium |
| The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2021-34652 | 1 Meowapps | 1 Media Usage | 2025-05-05 | 6.1 Medium |
| The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | ||||
| CVE-2021-34649 | 1 Simple-behace-portfolio Project | 1 Simple-behace-portfolio | 2025-05-05 | 6.1 Medium |
| The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. | ||||
| CVE-2021-34653 | 1 Wp Fountain Project | 1 Wp Fountain | 2025-05-05 | 6.1 Medium |
| The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9. | ||||
| CVE-2021-34654 | 1 Custom Post Type Relations Project | 1 Custom Post Type Relations | 2025-05-05 | 6.1 Medium |
| The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2024-0856 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-05-05 | 8.8 High |
| The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. | ||||
| CVE-2024-1983 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-05-05 | 7.1 High |
| The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. | ||||
| CVE-2021-34651 | 1 Scribblemaps | 1 Scribble Maps | 2025-05-05 | 6.1 Medium |
| The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | ||||
| CVE-2021-34656 | 1 Videowhisper | 1 2way Videocalls And Random Chat | 2025-05-05 | 6.1 Medium |
| The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | ||||
| CVE-2021-34657 | 1 Typofr Project | 1 Typofr | 2025-05-05 | 6.1 Medium |
| The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11. | ||||
| CVE-2021-34666 | 1 Add Sidebar Project | 1 Add Sidebar | 2025-05-05 | 6.1 Medium |
| The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0. | ||||
| CVE-2021-34667 | 1 Calendar Plugin Project | 1 Calendar Plugin | 2025-05-05 | 6.1 Medium |
| The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | ||||
| CVE-2021-34641 | 1 Seopress | 1 Seopress | 2025-05-05 | 6.4 Medium |
| The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3. | ||||
| CVE-2025-29316 | | | 2025-05-05 | 6.2 Medium |
| An issue in DataPatrol Screenshot watermark, printing watermark agent v.3.5.2.0 allows a physically proximate attacker to obtain sensitive information. NOTE: the Supplier disputes the Print Job Watermark Bypass claim because the watermark is added by hooking into the OS printing mechanism, and thus is not supposed to be visible when previewing a "generated printout" on screen. The Supplier disputes the Screenshot Watermark Bypass claim because the product's documentation explains the step of setting Developer Tools to Disallowed through AD Group Policy. | ||||
| CVE-2022-43351 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 6.5 Medium |
| Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | ||||
| CVE-2022-43350 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 7.2 High |
| Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry. | ||||
| CVE-2022-43319 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2025-05-05 | 7.5 High |
| An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. | ||||
| CVE-2022-43306 | 1 Democritus | 1 D8s-timer | 2025-05-05 | 8.8 High |
| The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-43305 | 1 Democritus | 1 D8s-python | 2025-05-05 | 9.8 Critical |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. | ||||
| CVE-2022-43304 | 1 Democritus | 1 D8s-timer | 2025-05-05 | 9.8 Critical |
| The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | ||||