CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

OSV•added 2023/05/02 8:15 a.m.•1 views

CVE-2023-0924

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...

7.2CVSS7.2AI score0.00904EPSS

Exploits2References1

NVD•added 2023/05/02 8:15 a.m.•7 views

CVE-2023-1090

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00288EPSS

Exploits2References2

NVD•added 2023/05/02 8:15 a.m.•8 views

CVE-2023-0924

7.2CVSS6.8AI score0.00904EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•2 views

CVE-2023-1525

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00288EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•1 views

CVE-2023-1021

The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score

Exploits0References1

OSV•added 2023/05/02 8:15 a.m.•1 views

CVE-2023-1090

4.8CVSS7.3AI score0.00288EPSS

Exploits2References2

Prion•added 2023/05/02 8:15 a.m.•13 views

Cross site scripting

4.3CVSS4.7AI score0.00288EPSS

Exploits2References2Affected Software1

Prion•added 2023/05/02 8:15 a.m.•12 views

Design/Logic Flaw

5.8CVSS6.8AI score0.00904EPSS

Exploits2References1Affected Software1

Prion•added 2023/05/02 8:15 a.m.•11 views

Cross site scripting

4.3CVSS4.7AI score0.00207EPSS

Exploits2References1Affected Software1

Prion•added 2023/05/02 8:15 a.m.•19 views

Cross site scripting

4.3CVSS4.7AI score0.00288EPSS

Exploits2References1Affected Software1

Prion•added 2023/05/02 8:15 a.m.•11 views

Cross site scripting

The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00415EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2023/05/02 7:4 a.m.•7 views

CVE-2023-1614 WP Custom Author URL < 1.0.5 - Admin+ Stored XSS

4.7AI score0.00415EPSS

Exploits2References1

Cvelist•added 2023/05/02 7:4 a.m.•16 views

CVE-2023-1554 Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS

The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00226EPSS

Exploits2References1

Vulnrichment•added 2023/05/02 7:4 a.m.•8 views

CVE-2023-1525 Site Reviews < 6.7.1 - Admin+ Stored XSS

4.7AI score0.00288EPSS

Exploits2References1

Cvelist•added 2023/05/02 7:4 a.m.•28 views

CVE-2023-1525 Site Reviews < 6.7.1 - Admin+ Stored XSS

5AI score0.00288EPSS

Exploits2References1

Cvelist•added 2023/05/02 7:4 a.m.•11 views

CVE-2023-0924 Zyrex Popup <= 1.0 - Admin+ Arbitrary File Upload

7AI score0.00904EPSS

Exploits2References1

WPVulnDB•added 2023/05/02 12:0 a.m.•25 views

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » Login rebuilder 2. In...

4.8CVSS8.2AI score0.00154EPSS

Exploits3Affected Software1

Positive Technologies•added 2023/05/02 12:0 a.m.•2 views

PT-2023-16620 · WordPress · Zyrex Popup

Name of the Vulnerable Software and Affected Versions: ZYREX POPUP WordPress plugin versions 1.0 and earlier Description: The issue allows a high privileged user, such as an Administrator, to upload arbitrary files when creating a popup, even when modifying the file system is disallowed, such as ...

7.2CVSS7.2AI score0.00904EPSS

Exploits2References4

WPVulnDB•added 2023/04/29 12:0 a.m.•11 views

I Recommend This <= 3.8.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00207EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/28 12:0 a.m.•22 views

WP-CORS <= 0.2.1 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00207EPSS

Exploits0Affected Software1

Rows per page