CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

Prion•added 2024/02/27 9:15 a.m.•14 views

Cross site scripting

The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00257EPSS

Exploits2References1

Vulnrichment•added 2024/02/27 8:30 a.m.•18 views

CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.3AI score0.00312EPSS

Exploits2References1

Cvelist•added 2024/02/27 8:30 a.m.•12 views

CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

5.5AI score0.00312EPSS

Exploits2References1

Vulnrichment•added 2024/02/27 8:30 a.m.•11 views

CVE-2023-7115 PageLayer < 1.8.1 - Admin+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4AI score0.00187EPSS

Exploits2References1

Cvelist•added 2024/02/27 8:30 a.m.•15 views

CVE-2023-7115 PageLayer < 1.8.1 - Admin+ Stored XSS

5.6AI score0.00187EPSS

Exploits2References1

WPVulnDB•added 2024/02/27 12:0 a.m.•18 views

Chat Bubble <= 2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.0019EPSS

Exploits0References1

WPVulnDB•added 2024/02/27 12:0 a.m.•16 views

Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS

5.3AI score0.00229EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2024/02/21 12:0 a.m.•18 views

YARPP < 5.30.10 - Admin+ Stored XSS

4.4CVSS5.4AI score0.0017EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2024/02/21 12:0 a.m.•21 views

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

7.2AI score0.00127EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2024/02/20 12:0 a.m.•14 views

Password Protected < 2.6.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape its Google Captcha Site Key settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00279EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/02/20 12:0 a.m.•3 views

PT-2024-15681 · WordPress · Yarpp

Name of the Vulnerable Software and Affected Versions: YARPP – Yet Another Related Posts Plugin versions up to, and including, 5.30.9 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.4CVSS5AI score0.0017EPSS

Exploits1References6

Positive Technologies•added 2024/02/20 12:0 a.m.•3 views

PT-2024-15723 · WordPress · The Password Protected – Ultimate Plugin To Password Protect Your Wordpress Content With Ease

Name of the Vulnerable Software and Affected Versions: The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress versions up to, and including, 2.6.6 Description: The issue is related to Stored Cross-Site Scripting via the Google Captcha Si...

4.8CVSS5AI score0.00279EPSS

Exploits0References5

WPVulnDB•added 2024/02/13 12:0 a.m.•30 views

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.1AI score0.00319EPSS

Exploits2References1Affected Software1

NVD•added 2024/02/12 4:15 p.m.•12 views

CVE-2023-6081

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.3AI score0.00143EPSS

Exploits2References2

NVD•added 2024/02/12 4:15 p.m.•11 views

CVE-2023-6294

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...

7.5CVSS6.3AI score0.00328EPSS

Exploits2References1

OSV•added 2024/02/12 4:15 p.m.•1 views

CVE-2023-6081

5.4CVSS5.8AI score0.00143EPSS

Exploits2References2

NVD•added 2024/02/12 4:15 p.m.•13 views

CVE-2023-7233

The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.4AI score0.00159EPSS

Exploits2References1

OSV•added 2024/02/12 4:15 p.m.•0 views

CVE-2023-6294

7.2CVSS5.8AI score

Exploits0References1

OSV•added 2024/02/12 4:15 p.m.•1 views

CVE-2023-7233

4.8CVSS5.8AI score

Exploits0References1

OSV•added 2024/02/12 4:15 p.m.•0 views

CVE-2023-6082