CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2023/04/18 9:36 p.m.•13 views

CVE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse

4.2CVSS5.7AI score0.00339EPSS

WPVulnDB•added 2023/04/18 12:0 a.m.•13 views

Semalt Blocker <= 1.1.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00207EPSS

WPVulnDB•added 2023/04/18 12:0 a.m.•19 views

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the "Enter the URL: field, add the XSS...

4.8CVSS7.4AI score0.01098EPSS

Exploits2Affected Software1

Positive Technologies•added 2023/04/18 12:0 a.m.•2 views

PT-2023-22804 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: Discourse is an open source platform for community discussion. In affected versions, a user logged as an administrator can call arbitrary methods on th...

4.9CVSS5.2AI score0.00339EPSS

Exploits0References8

WPVulnDB•added 2023/04/18 12:0 a.m.•25 views

TaxoPress < 3.6.5 - Editor+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS5.1AI score0.00571EPSS

WPVulnDB•added 2023/04/18 12:0 a.m.•18 views

ApexChat < 1.3.2 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00207EPSS

WPVulnDB•added 2023/04/17 12:0 a.m.•12 views

WP Login Box <= 2.0.2 - Admin+ Stored XSS

4.8CVSS7.6AI score0.00207EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/14 12:0 a.m.•23 views

Motor Racing League <= 1.9.9 - Admin+ XSS

5.9CVSS5.5AI score0.00207EPSS

WPVulnDB•added 2023/04/14 12:0 a.m.•13 views

Electric Studio Client Login <= 0.8.1 - Admin+ Stored XSS

5.9CVSS5.5AI score0.00207EPSS

WPVulnDB•added 2023/04/13 12:0 a.m.•15 views

Simple Popup Images <= 1.8.6 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00298EPSS

WPVulnDB•added 2023/04/12 12:0 a.m.•11 views

ChatBot < 4.5.1 - Admin+ Stored XSS

The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Your...

4.8CVSS5.1AI score0.00226EPSS

Exploits2Affected Software1

NVD•added 2023/04/10 2:15 p.m.•9 views

CVE-2023-1122

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00207EPSS

OSV•added 2023/04/10 2:15 p.m.•1 views

CVE-2023-1122

4.8CVSS6.6AI score

OSV•added 2023/04/10 2:15 p.m.•3 views

CVE-2023-0893

The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00226EPSS

OSV•added 2023/04/10 2:15 p.m.•0 views

CVE-2023-1120

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00226EPSS

NVD•added 2023/04/10 2:15 p.m.•5 views

CVE-2023-0874

The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.8AI score0.00207EPSS

OSV•added 2023/04/10 2:15 p.m.•2 views

CVE-2023-0605

The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00207EPSS

Exploits1References1

OSV•added 2023/04/10 2:15 p.m.•2 views

CVE-2023-0422

The Article Directory WordPress plugin through 1.3 does not properly sanitize the publishtermstext setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts...

4.8CVSS5.8AI score0.00207EPSS

OSV•added 2023/04/10 2:15 p.m.•1 views

CVE-2023-1121

4.8CVSS7.3AI score