CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

WPVulnDB•added 2024/01/19 12:0 a.m.•24 views

GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "GigPress Settings" 2...

4.9AI score0.00159EPSS

Exploits2

NVD•added 2024/01/16 4:15 p.m.•6 views

CVE-2023-7154

The Hubbub Lite formerly Grow Social WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS4.7AI score0.00171EPSS

Exploits2References1

OSV•added 2024/01/16 4:15 p.m.•1 views

CVE-2023-7154

4.8CVSS5.8AI score0.00171EPSS

Exploits2References1

OSV•added 2024/01/16 4:15 p.m.•3 views

CVE-2023-6005

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS5.8AI score0.00198EPSS

Exploits2References1

OSV•added 2024/01/16 4:15 p.m.•1 views

CVE-2023-3647

The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00198EPSS

Exploits2References1

NVD•added 2024/01/16 4:15 p.m.•10 views

CVE-2022-3829

The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00198EPSS

Exploits2References1

OSV•added 2024/01/16 4:15 p.m.•3 views

CVE-2022-3829

4.8CVSS5.8AI score0.00198EPSS

Exploits2References1

OSV•added 2024/01/16 4:15 p.m.•3 views

CVE-2023-0389

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.8CVSS5.8AI score0.00191EPSS

Exploits2References1

NVD•added 2024/01/16 4:15 p.m.•11 views

CVE-2022-3836

The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00198EPSS

Exploits2References1

OSV•added 2024/01/16 4:15 p.m.•1 views

CVE-2022-3836

4.8CVSS5.8AI score

Exploits0References1

Prion•added 2024/01/16 4:15 p.m.•20 views

Cross site scripting

4.3CVSS6AI score0.00198EPSS

Exploits2References1Affected Software1

Prion•added 2024/01/16 4:15 p.m.•15 views

Cross site scripting

4.3CVSS5.9AI score0.00198EPSS

Exploits2References1Affected Software1

Prion•added 2024/01/16 4:15 p.m.•15 views

Cross site scripting

4.3CVSS5.9AI score0.00191EPSS

Exploits2References1Affected Software1

Prion•added 2024/01/16 4:15 p.m.•16 views

Cross site scripting

4.3CVSS5.9AI score0.00171EPSS

Exploits2References1Affected Software1

Prion•added 2024/01/16 4:15 p.m.•17 views

Cross site scripting

4.3CVSS5.9AI score0.00198EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2024/01/16 3:56 p.m.•22 views

CVE-2023-0389 Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

5.6AI score0.00191EPSS

Exploits2References1

Cvelist•added 2024/01/16 3:54 p.m.•15 views

CVE-2023-3647 IURNY by INDIGITALL < 3.2.3 - Admin+ Stored XSS

5AI score0.00198EPSS

Exploits2References1

Positive Technologies•added 2024/01/16 12:0 a.m.•6 views

PT-2024-11610 · WordPress · Font Awesome 4 Menus

Name of the Vulnerable Software and Affected Versions: Font Awesome 4 Menus WordPress plugin versions prior to 4.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.8CVSS4.6AI score0.00198EPSS

Exploits2References5

Positive Technologies•added 2024/01/16 12:0 a.m.•3 views

PT-2024-12556 · Indigitall · Iurny

Name of the Vulnerable Software and Affected Versions: The IURNY by INDIGITALL WordPress plugin versions prior to 3.2.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS5.2AI score0.00198EPSS

Exploits2References4

Positive Technologies•added 2024/01/16 12:0 a.m.•6 views

PT-2024-11922 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 1.1.151 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS5.3AI score0.00191EPSS

Exploits2References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by