CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2023/06/27 1:17 p.m.•12 views

CVE-2023-2711 Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

5.6AI score0.00171EPSS

Cvelist•added 2023/06/27 1:17 p.m.•17 views

CVE-2023-2711 Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

5AI score0.00171EPSS

Vulnrichment•added 2023/06/27 1:17 p.m.•18 views

CVE-2023-0873 Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00213EPSS

Cvelist•added 2023/06/27 1:17 p.m.•12 views

CVE-2023-0873 Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

5AI score0.00213EPSS

Cvelist•added 2023/06/27 1:17 p.m.•17 views

CVE-2023-2178 Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

4.9AI score0.02135EPSS

Vulnrichment•added 2023/06/27 1:17 p.m.•10 views

CVE-2023-2178 Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS

5.6AI score0.02135EPSS

Cvelist•added 2023/06/27 1:17 p.m.•14 views

CVE-2023-2580 AI-Engine < 1.6.83 - Admin+ Stored XSS

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

5AI score0.00113EPSS

Optin Forms <= 1.3.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

SimpleModal Contact Form (SMCF) <= 1.2.9 - Admin+ Stored XSS

WPVulnDB•added 2023/06/26 12:0 a.m.•18 views

Cancel order request WooCommerce < 1.3.3 - Admin+ Stored XSS

WPVulnDB•added 2023/06/26 12:0 a.m.•15 views

Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Steps to Reproduce: 1. Open Chaty Plugin...

4.8CVSS5AI score0.00113EPSS

Exploits2Affected Software1

5.4CVSS5.4AI score0.00117EPSS

NEX-Forms < 8.4.4 - Authenticated Stored XSS

The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such feature. PoC Create a new form with the...

Exploits1Affected Software1

Order date time for WooCommerce < 3.0.20 - Admin+ Stored XSS

NVD•added 2023/06/19 11:15 a.m.•12 views

CVE-2023-2401

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00095EPSS

NVD•added 2023/06/19 11:15 a.m.•9 views

CVE-2023-2684

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00123EPSS

OSV•added 2023/06/19 11:15 a.m.•1 views

CVE-2023-2684

4.8CVSS7.3AI score0.00123EPSS