CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

Prion•added 2023/11/06 9:15 p.m.•18 views

Cross site scripting

The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.8AI score0.00097EPSS

Exploits2References1Affected Software1

Prion•added 2023/11/06 9:15 p.m.•15 views

Cross site scripting

The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00111EPSS

Exploits2References2Affected Software1

Prion•added 2023/11/06 9:15 p.m.•17 views

Cross site scripting

The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00094EPSS

Exploits2References2Affected Software1

Cvelist•added 2023/11/06 8:41 p.m.•14 views

CVE-2023-4858 WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting

4.9AI score0.00094EPSS

Exploits2References2

Positive Technologies•added 2023/11/06 12:0 a.m.•4 views

PT-2023-30862 · WordPress · Simple Table Manager

Name of the Vulnerable Software and Affected Versions: The Simple Table Manager WordPress plugin versions 1.5.6 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, f...

4.8CVSS5.3AI score0.00094EPSS

Exploits2References5

WPVulnDB•added 2023/11/06 12:0 a.m.•20 views

Bookly < 22.5 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an admin user, visit the...

4.8CVSS4.8AI score0.00104EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/11/03 12:0 a.m.•15 views

WC Captcha <= 1.5 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5AI score0.00063EPSS

Exploits0References1

OSV•added 2023/11/02 9:15 a.m.•0 views

CVE-2023-5606

The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.8CVSS5.9AI score

Exploits0References2

ATTACKERKB•added 2023/11/02 9:15 a.m.•1 views

CVE-2023-5606

4.8CVSS5.9AI score0.00122EPSS

Exploits2References3Affected Software1

OSV•added 2023/10/31 2:15 p.m.•2 views

CVE-2023-5243

The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score

Exploits0References1

NVD•added 2023/10/31 2:15 p.m.•9 views

CVE-2023-5243

4.8CVSS4.8AI score0.00187EPSS

Exploits2References1

NVD•added 2023/10/31 2:15 p.m.•8 views

CVE-2023-4390

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.8CVSS5AI score0.00187EPSS

Exploits2References1

OSV•added 2023/10/31 2:15 p.m.•3 views

CVE-2023-4390

4.8CVSS5.9AI score0.00187EPSS

Exploits2References1

Prion•added 2023/10/31 2:15 p.m.•14 views

Cross site scripting

4.3CVSS4.9AI score0.00187EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/10/27 12:0 a.m.•20 views

Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...

4.8CVSS6.9AI score0.00097EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/10/27 12:0 a.m.•14 views

Internal Link Building <= 1.2.3 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00063EPSS

Exploits0References2

WPVulnDB•added 2023/10/27 12:0 a.m.•15 views

Custom post types <= 5.0.0 - Admin+ Stored XSS

5.9CVSS6AI score0.00063EPSS

Exploits0References1

WPVulnDB•added 2023/10/27 12:0 a.m.•11 views

Triberr <= 4.1.1 - Admin+ Stored XSS