Export limit exceeded: 13985 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (13985 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37950 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3.
CVE-2024-37919 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Timeline Module for Beaver Builder allows Stored XSS.This issue affects Timeline Module for Beaver Builder: from n/a through 1.1.3.
CVE-2024-37562 2 Bracketspace, Wordpress 2 Simple Post Notes, Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS.This issue affects Simple Post Notes: from n/a through 1.7.7.
CVE-2024-37561 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS.This issue affects Plugin Notes Plus: from n/a through 1.2.6.
CVE-2024-37254 2 Mndpsingh287, Wordpress 2 File Manager, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.
CVE-2024-3681 1 Wordpress 2 Interactive World Maps, Wordpress 2026-04-15 6.1 Medium
The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search (s) parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-3677 2 Tinyweb, Wordpress 2 Ultimate 410 Gone Status Code, Wordpress 2026-04-15 6.4 Medium
The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-3670 1 Wordpress 1 Leaflet Maps Marker 2026-04-15 6.4 Medium
The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'mapwidthunit'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-3649 1 Wordpress 1 Contact Form Drag And Drop Form Builder 2026-04-15 5.3 Medium
The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to manipulate prices, product information, and quantities for purchases made via the Stripe payment integration.
CVE-2024-3595 1 Wordpress 1 Wordpress 2026-04-15 6.4 Medium
The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-35777 2 Automattic, Wordpress 2 Woocommerce, Wordpress 2026-04-15 3.5 Low
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.
CVE-2024-35775 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.
CVE-2024-35710 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3.
CVE-2024-35683 2 Teplitsa Of Social Technologies, Wordpress 2 Leyka, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1.
CVE-2024-35671 2 Minoji, Wordpress 2 Mj Update History, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4.
CVE-2024-35643 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back Button allows Stored XSS.This issue affects WP Back Button: from n/a through 1.1.3.
CVE-2024-35642 1 Wordpress 1 Wordpress 2026-04-15 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bryan Hadaway Site Favicon allows Stored XSS.This issue affects Site Favicon: from n/a through 0.2.
CVE-2024-35631 2 Foliovision, Wordpress 2 Fv Flowplayer Video Player, Wordpress 2026-04-15 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.45.7212.
CVE-2024-3520 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access and above, to add states or cities to the dropdown.
CVE-2024-35174 2 Flothemes, Wordpress 2 Flo Forms, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.