CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

OSV•added 2024/01/01 3:15 p.m.•1 views

CVE-2023-6037

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

Prion•added 2024/01/01 3:15 p.m.•16 views

Cross site scripting

4.3CVSS5.9AI score0.00089EPSS

Exploits2References1Affected Software1

wpexploit•added 2023/12/29 12:0 a.m.•155 views

WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE

Description The plugin accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an executable file type leading to remote code...

7.2CVSS7.2AI score0.03529EPSS

Exploits2

WPVulnDB•added 2023/12/28 12:0 a.m.•15 views

Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Form Customizer: 1. Navigate to...

4.8CVSS4.9AI score0.00072EPSS

Exploits2Affected Software1

Prion•added 2023/12/26 7:15 p.m.•24 views

Cross site scripting

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.8AI score0.00081EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/12/26 12:0 a.m.•19 views

Ultimate Dashboard < 3.7.12 - Admin+ Stored XSS

5.9CVSS5.4AI score0.00116EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2023/12/26 12:0 a.m.•15 views

WP Review Slider < 13.0 - Admin+ Stored XSS

4.8CVSS5AI score0.00089EPSS

Exploits1Affected Software1

WPVulnDB•added 2023/12/26 12:0 a.m.•30 views

Menu Image, Icons made easy < 3.11 - Admin+ Stored XSS

5.9CVSS4.7AI score0.00116EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/12/23 12:0 a.m.•25 views

Accredible Certificates & Open Badges < 1.4.9 - Admin+ Stored XSS

5.9CVSS5.3AI score0.00105EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/12/23 12:0 a.m.•22 views

Multi Step Form < 1.7.17 - Admin+ Stored XSS

5.9CVSS4.9AI score0.00122EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2023/12/23 12:0 a.m.•15 views

Loan Repayment Calculator and Application Form < 2.9.4 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00135EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/12/23 12:0 a.m.•27 views

Event Management Tickets Booking <= 1.3.4 - Admin+ Stored XSS

5.9CVSS5.2AI score0.00107EPSS

Exploits0References1

WPVulnDB•added 2023/12/21 12:0 a.m.•13 views

Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Store the script in...

4.8CVSS5.4AI score0.00081EPSS

Exploits2

OSV•added 2023/12/18 8:15 p.m.•2 views

CVE-2023-6295

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

7.2CVSS5.8AI score0.00347EPSS

Exploits2References1

NVD•added 2023/12/18 8:15 p.m.•11 views

CVE-2023-6295

7.2CVSS0.00347EPSS

Exploits2References1

OSV•added 2023/12/18 8:15 p.m.•2 views

CVE-2023-5005

The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

4.8CVSS7.3AI score0.00086EPSS

Exploits2References1

Prion•added 2023/12/18 8:15 p.m.•13 views

Design/Logic Flaw

5.8CVSS6.9AI score0.00347EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/12/18 8:8 p.m.•14 views

CVE-2023-6295 so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

7.1AI score0.00347EPSS

Exploits2References1

Cvelist•added 2023/12/18 8:7 p.m.•24 views

CVE-2023-5005 Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting

5AI score0.00086EPSS

Exploits2References1

Positive Technologies•added 2023/12/12 12:0 a.m.•4 views

PT-2023-32595 · WordPress · Siteorigin Widgets Bundle

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle WordPress plugin versions prior to 1.51.0 Description: The issue allows users with the administrator role to perform Local File Inclusion LFI attacks in the context of Multisite WordPress sites. This is due to the...

7.2CVSS7.4AI score0.00347EPSS

Exploits2References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by