CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3459 matches found

WPVulnDB•added 2024/05/24 12:0 a.m.•16 views

Social Pixel <= 2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to:...

5.3AI score0.00208EPSS

Exploits2

OSV•added 2024/05/23 6:15 a.m.•2 views

CVE-2024-3920

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score

Exploits0References1

NVD•added 2024/05/23 6:15 a.m.•11 views

CVE-2024-3594

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

8.7CVSS7.8AI score0.00995EPSS

Exploits2References1

OSV•added 2024/05/23 6:15 a.m.•3 views

CVE-2024-3594

8.7CVSS5.8AI score0.00995EPSS

Exploits2References1

OSV•added 2024/05/23 6:15 a.m.•3 views

CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00276EPSS

Exploits2References1

Vulnrichment•added 2024/05/23 6:0 a.m.•12 views

CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS

5.6AI score0.00218EPSS

Exploits2References1

Cvelist•added 2024/05/23 6:0 a.m.•18 views

CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS

7.8AI score0.00218EPSS

Exploits2References1

Cvelist•added 2024/05/23 6:0 a.m.•19 views

CVE-2024-3594 IDonate <= 1.9.0 - Admin+ Stored XSS

7.8AI score0.00995EPSS

Exploits2References1

Vulnrichment•added 2024/05/23 6:0 a.m.•18 views

CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS

5.8AI score0.00276EPSS

Exploits2References1

WPVulnDB•added 2024/05/23 12:0 a.m.•11 views

Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

5.4AI score0.00186EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2024/05/23 12:0 a.m.•3 views

PT-2024-28384 · WordPress · Flattr Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Flattr WordPress plugin versions 1.2.2 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

3.5CVSS5.4AI score0.00218EPSS

Exploits2References3

OSV•added 2024/05/22 8:15 a.m.•2 views

CVE-2023-6487

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.8AI score

Exploits0References2

NVD•added 2024/05/21 6:15 a.m.•17 views

CVE-2024-4061

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.8AI score0.00428EPSS

Exploits2References1

OSV•added 2024/05/21 6:15 a.m.•4 views

CVE-2024-4061

4.8CVSS5.8AI score0.00428EPSS

Exploits2References1

NVD•added 2024/05/21 6:15 a.m.•10 views

CVE-2024-4290

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

7.1CVSS7.8AI score0.00182EPSS

Exploits2References1

OSV•added 2024/05/21 6:15 a.m.•1 views

CVE-2024-2189

The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...

6.1CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2024/05/21 6:0 a.m.•15 views

CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS

5.6AI score0.00182EPSS

Exploits2References1

Vulnrichment•added 2024/05/21 6:0 a.m.•17 views

CVE-2024-4061 Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings

5.6AI score0.00428EPSS

Exploits2References1