CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3450 matches found

WPVulnDB•added 2024/03/25 12:0 a.m.•13 views

Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Settings Ultimate...

5.4AI score0.00253EPSS

Exploits2Affected Software1

WPVulnDB•added 2024/03/25 12:0 a.m.•16 views

Carousel Slider < 2.2.7 - Editor+ Stored XSS

5.4AI score0.00114EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2024/03/22 12:0 a.m.•16 views

Tracking Code Manager < 2.1.0 -Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00123EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/03/21 12:0 a.m.•30 views

Advanced Access Manager < 6.9.21 - Admin+ Stored Cross-Site Scripting

5.9CVSS6AI score0.00068EPSS

Exploits0References1Affected Software1

OSV•added 2024/03/20 5:15 a.m.•1 views

CVE-2023-7246

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score

Exploits0References1

Cvelist•added 2024/03/20 5:0 a.m.•15 views

CVE-2023-7246 System Dashboard < 2.8.10 - XSS via Header Injection

6AI score0.02134EPSS

Exploits2References1

CNNVD•added 2024/03/20 12:0 a.m.•4 views

WordPress Plugin System Dashboard Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.9AI score0.02134EPSS

Exploits2References2

OSV•added 2024/03/19 3:15 p.m.•1 views

CVE-2024-1401

The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS7.3AI score

Exploits0References1

Vulnrichment•added 2024/03/19 2:28 p.m.•15 views

CVE-2024-1401 Profile Box Shortcode And Widget < 1.2.1 Admin+ Stored XSS

5.6AI score0.00229EPSS

Exploits2References1

Cvelist•added 2024/03/19 2:28 p.m.•19 views

CVE-2024-1401 Profile Box Shortcode And Widget < 1.2.1 Admin+ Stored XSS

5.5AI score0.00229EPSS

Exploits2References1

OSV•added 2024/03/18 7:15 p.m.•0 views

CVE-2024-0951

The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS7.3AI score

Exploits0References1

Vulnrichment•added 2024/03/18 7:5 p.m.•11 views

CVE-2024-0951 Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS

5.4AI score0.00089EPSS

Exploits2References1

Cvelist•added 2024/03/18 7:5 p.m.•16 views

CVE-2024-0973 Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00127EPSS

Exploits2References1

Positive Technologies•added 2024/03/18 12:0 a.m.•3 views

PT-2024-15931 · WordPress · The Advanced Social Feeds Widget & Shortcode

Name of the Vulnerable Software and Affected Versions: The Advanced Social Feeds Widget & Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admin...

4.8CVSS8.2AI score0.00089EPSS

Exploits2References5

WPVulnDB•added 2024/03/18 12:0 a.m.•16 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

5.5AI score0.00079EPSS

Exploits2

WPVulnDB•added 2024/03/18 12:0 a.m.•20 views

Font Farsi <= 1.6.6 - Admin+ Stored XSS in Settings

4.9AI score0.00342EPSS

Exploits2

NVD•added 2024/03/15 8:15 p.m.•14 views

CVE-2024-27100

Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could...

6.5CVSS6.3AI score0.00089EPSS

Exploits0References2

Vulnrichment•added 2024/03/15 7:21 p.m.•27 views

CVE-2024-27100 Denial of service via Staff Actions in Discourse

6.5CVSS6.5AI score0.00089EPSS

Exploits0References2

Cvelist•added 2024/03/15 7:21 p.m.•30 views

CVE-2024-27100 Denial of service via Staff Actions in Discourse

6.5CVSS6.5AI score0.00089EPSS

Exploits0References2

Positive Technologies•added 2024/03/15 12:0 a.m.•2 views

PT-2024-21649 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta, and tests-passed versions Description: The issue affects the endpoints for suspending users, silencing users, and exporting CSV files, which do not enforce limits on the sizes of the...

6.5CVSS6.7AI score0.00089EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by