CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

WPVulnDB•added 2023/08/30 12:0 a.m.•17 views

GDPR Cookie Consent Notice Box < 1.1.7 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00079EPSS

Exploits1Affected Software1

wpexploit•added 2023/08/30 12:0 a.m.•138 views

FileOrganizer < 1.0.3 - Admin+ Arbitrary File Access

Description The plugin does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. On a multisite instance, log in as an admin. Click on File Organizer in the sidebar. The UI gives full control to the files on the server, despite not being a...

7.2CVSS7.2AI score0.00398EPSS

Exploits1

WPVulnDB•added 2023/08/25 12:0 a.m.•11 views

Product page shipping calculator for WooCommerce < 1.3.26 - Admin+ Stored XSS

5.9CVSS6AI score0.00067EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/08/23 12:0 a.m.•16 views

Easy Form by AYS < 1.2.1 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00067EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/08/23 12:0 a.m.•11 views

Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC There are two fields affected by a...

4.8CVSS4.7AI score0.00187EPSS

Exploits2Affected Software1

OSV•added 2023/08/21 5:15 p.m.•2 views

CVE-2023-3667

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00122EPSS

Exploits2References1

Vulnrichment•added 2023/08/21 12:29 p.m.•9 views

CVE-2023-3667 Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting

5.6AI score0.00122EPSS

Exploits2References1

WPVulnDB•added 2023/08/18 12:0 a.m.•15 views

Logo Scheduler < 1.2.2 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00079EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/08/17 12:0 a.m.•33 views

Cab Grid < 1.6 - Admin+ Stored XSS

5.9CVSS4.8AI score0.00073EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/08/17 12:0 a.m.•10 views

wpDataTables < 2.1.66 - Admin+ PHP Object Injection

Description The plugin does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin...

7.2CVSS7.6AI score0.06706EPSS

Exploits2Affected Software1

OSV•added 2023/08/16 12:15 p.m.•2 views

CVE-2023-2225

The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00091EPSS

Exploits3References1

OSV•added 2023/08/16 12:15 p.m.•2 views

CVE-2023-2254

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk...

4.8CVSS6.6AI score

Exploits0References1

Vulnrichment•added 2023/08/16 11:3 a.m.•16 views

CVE-2023-2225 SEO ALert <= 1.59 - Admin+ Stored XSS

5.8AI score0.00091EPSS

Exploits3References1

WPVulnDB•added 2023/08/16 12:0 a.m.•15 views

Optima Express + MarketBoost IDX < 7.3.1 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00079EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/08/16 12:0 a.m.•11 views

Captcha Them All < 1.4 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.5AI score0.00083EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/08/16 12:0 a.m.•14 views

Article Directory Redux <= 1.0.2 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00079EPSS

Exploits0

WPVulnDB•added 2023/08/16 12:0 a.m.•14 views

External Videos <= 2.0.1 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00079EPSS

Exploits0

OSV•added 2023/08/14 8:15 p.m.•1 views

CVE-2023-3721

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

OSV•added 2023/08/14 8:15 p.m.•2 views

CVE-2023-3645

The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS7.3AI score0.00122EPSS

Exploits2References1

NVD•added 2023/08/14 8:15 p.m.•9 views

CVE-2023-3645

4.8CVSS4.7AI score0.00122EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by