Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3448 matches found

OSV
OSVadded 2023/12/11 8:15 p.m.2 views

CVE-2023-5907

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

6.5CVSS5.5AI score
Exploits0References1
NVD
NVDadded 2023/12/11 8:15 p.m.7 views

CVE-2023-5940

The WP Not Login Hide WPNLH WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00086EPSS
Exploits2References1
NVD
NVDadded 2023/12/11 8:15 p.m.10 views

CVE-2023-5907

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

6.5CVSS0.0036EPSS
Exploits2References1
OSV
OSVadded 2023/12/11 8:15 p.m.4 views

CVE-2023-5757

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00093EPSS
Exploits2References1
OSV
OSVadded 2023/12/11 8:15 p.m.2 views

CVE-2023-5940

The WP Not Login Hide WPNLH WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00086EPSS
Exploits2References1
Prion
Prionadded 2023/12/11 8:15 p.m.19 views

Design/Logic Flaw

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

4.7CVSS6.8AI score0.0036EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2023/12/11 8:15 p.m.14 views

Cross site scripting

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00093EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2023/12/11 8:15 p.m.14 views

Cross site scripting

The WP Not Login Hide WPNLH WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00086EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2023/12/11 7:30 p.m.27 views

CVE-2023-5955 Contact Form Email < 1.3.44 - Editor+ Stored Cross-Site Scripting

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00081EPSS
Exploits2References1
Cvelist
Cvelistadded 2023/12/11 7:22 p.m.12 views

CVE-2023-5940 WP Not Login Hide <= 1.0 - Admin+ Stored XSS

The WP Not Login Hide WPNLH WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00086EPSS
Exploits2References1
Vulnrichment
Vulnrichmentadded 2023/12/11 7:22 p.m.7 views

CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

6.4AI score0.0036EPSS
Exploits2References1
Cvelist
Cvelistadded 2023/12/11 7:22 p.m.15 views

CVE-2023-5907 File Manager < 6.3 - Admin+ Arbitrary OS File/Folder Access + Path Traversal

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

6.5AI score0.0036EPSS
Exploits2References1
Positive Technologies
Positive Technologiesadded 2023/12/11 12:0 a.m.4 views

PT-2023-32413 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager WordPress plugin versions prior to 6.3 Description: The issue allows an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site...

6.5CVSS6.9AI score0.0036EPSS
Exploits2References6
WPVulnDB
WPVulnDBadded 2023/12/11 12:0 a.m.16 views

WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to Get TripAdvisor Reviews...

4.8CVSS4.9AI score0.00089EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologiesadded 2023/12/11 12:0 a.m.4 views

PT-2023-32442 · WordPress · Contact Form Email

Name of the Vulnerable Software and Affected Versions: Contact Form Email WordPress plugin versions prior to 1.3.44 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

6.1CVSS6AI score0.00081EPSS
Exploits2References8
WPVulnDB
WPVulnDBadded 2023/12/11 12:0 a.m.15 views

Tutor LMS < 2.3.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00135EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVASadded 2023/12/11 12:0 a.m.4 views

WordPress 6.4.x < 6.4.2 RCE Vulnerability - Windows

WordPress is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.2AI score
Exploits0References1
WPVulnDB
WPVulnDBadded 2023/12/10 12:0 a.m.12 views

Rocket Maintenance Mode & Coming Soon Page < 4.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00135EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDBadded 2023/12/08 12:0 a.m.31 views

Social Share Buttons & Analytics Plugin < 4.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.3AI score0.00135EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDBadded 2023/12/07 12:0 a.m.21 views

Nested Pages < 3.2.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.3AI score0.00135EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder