CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

WPVulnDB•added 2024/01/30 12:0 a.m.•14 views

Persian Fonts <= 1.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to:...

7.7AI score0.00257EPSS

Exploits2

OSV•added 2024/01/29 3:15 p.m.•0 views

CVE-2023-5956

The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

Prion•added 2024/01/29 3:15 p.m.•22 views

Cross site scripting

4.3CVSS5.8AI score0.00081EPSS

Exploits2References1Affected Software1

Cvelist•added 2024/01/29 2:44 p.m.•19 views

CVE-2023-5956 Wp-Adv-Quiz <= 1.0.2 - Admin+ Stored XSS in Quiz Overview

5AI score0.00081EPSS

Exploits2References1

WPVulnDB•added 2024/01/29 12:0 a.m.•16 views

Chart Builder < 1.9.7 - Admin+ Stored XSS

5.9AI score

Exploits0References1Affected Software1

OSV•added 2024/01/27 4:15 a.m.•2 views

CVE-2024-0664

The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.00158EPSS

Exploits0References2

OSV•added 2024/01/27 4:15 a.m.•0 views

CVE-2023-6497

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

4.8CVSS5.9AI score

Exploits0References2

WPVulnDB•added 2024/01/26 12:0 a.m.•20 views

WP RSS Aggregator < 4.23.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.7AI score0.00206EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/01/26 12:0 a.m.•3 views

PT-2024-15694 · WordPress · Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress versions up to, and including, 5.1.5 Description: The issue is related to Stored Cross-Site Scripting via imported form titles du...

4.8CVSS5.4AI score0.00128EPSS

Exploits1References8

OSV•added 2024/01/25 3:15 a.m.•1 views

CVE-2024-0625

The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-optionscustomclass’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS5.9AI score

Exploits0References3

WPVulnDB•added 2024/01/24 12:0 a.m.•28 views

FileBird < 5.6.1 - Admin+ Stored XSS

4.3CVSS5.6AI score0.00224EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/01/24 12:0 a.m.•2 views

PT-2024-15701 · WordPress · Wpfront Notification Bar

Name of the Vulnerable Software and Affected Versions: WPFront Notification Bar plugin for WordPress versions up to, and including, 3.3.2 Description: The issue is related to Stored Cross-Site Scripting via the wpfront-notification-bar-optionscustom class parameter due to insufficient input...

4.8CVSS5.4AI score0.00191EPSS

Exploits0References10

WPVulnDB•added 2024/01/24 12:0 a.m.•22 views

WebSub (FKA. PubSubHubbub) < 3.2.0 - Admin+ Stored XSS

4.3CVSS5.8AI score0.0012EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/01/24 12:0 a.m.•19 views

Content Views < 3.6.3 - Admin+ Stored XSS

4.3CVSS5.7AI score0.00235EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/01/23 12:0 a.m.•24 views

WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS

7.8AI score0.00225EPSS

Exploits2

OSV•added 2024/01/22 8:15 p.m.•3 views

CVE-2023-6456

The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00089EPSS

Exploits1References1

OSV•added 2024/01/22 8:15 p.m.•3 views

CVE-2023-6626

The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.8CVSS5.8AI score

Exploits0References1

Prion•added 2024/01/22 8:15 p.m.•16 views

Cross site scripting

4.3CVSS5.9AI score0.00072EPSS

Exploits2References1Affected Software1