CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

OSV•added 2023/01/02 10:15 p.m.•1 views

CVE-2022-4256

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/02 10:15 p.m.•3 views

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score0.00326EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•0 views

CVE-2022-4200

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00418EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•0 views

CVE-2022-4198

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References2

OSV•added 2023/01/02 10:15 p.m.•2 views

CVE-2022-4109

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to for example in multisite...

2.7CVSS5.9AI score0.00327EPSS

Exploits2References1

NVD•added 2023/01/02 10:15 p.m.•16 views

CVE-2022-4119

4.8CVSS4.7AI score0.00326EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•1 views

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

4.8CVSS5.8AI score0.00339EPSS

Exploits2References1

Prion•added 2023/01/02 10:15 p.m.•11 views

Cross site scripting

4.3CVSS6.1AI score0.0046EPSS

Exploits2References2Affected Software1

Prion•added 2023/01/02 10:15 p.m.•11 views

Cross site scripting

4.3CVSS4.8AI score0.00339EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/02 10:15 p.m.•9 views

Cross site scripting

4.3CVSS5.4AI score0.00418EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/01/02 9:49 p.m.•15 views

CVE-2022-4260 WP-Ban < 1.69.1 - Admin+ Stored XSS

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00613EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•11 views

CVE-2022-4200 Login with Cognito <= 1.4.8 - Admin+ Stored XSS

5.6AI score0.00418EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•10 views

CVE-2022-4109 Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download

4.1AI score0.00327EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•15 views

CVE-2022-3936 Team Members < 5.2.1 - Editor+ Stored XSS

5.1AI score0.00339EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•21 views

CVE-2022-4119 Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

5AI score0.00326EPSS

Exploits2References1

Positive Technologies•added 2023/01/02 12:0 a.m.•3 views

PT-2023-7909 · WordPress · Wp-Ban

Name of the Vulnerable Software and Affected Versions: WP-Ban WordPress plugin versions prior to 1.69.1 Description: The issue is related to the WP-Ban WordPress plugin not sanitizing and escaping some of its settings, which could allow high privilege users, such as admins, to perform Stored...

4.8CVSS4.9AI score0.00613EPSS

Exploits2References7

Positive Technologies•added 2023/01/02 12:0 a.m.•1 views

PT-2023-14051 · WordPress · Social Sharing

Name of the Vulnerable Software and Affected Versions: WP Social Sharing WordPress plugin versions through 2.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...

9.8CVSS6.2AI score0.05976EPSS

Exploits11References17

OSV•added 2022/12/28 11:15 a.m.•0 views

CVE-2022-3922

The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

Prion•added 2022/12/28 11:15 a.m.•14 views

Cross site scripting

4.3CVSS4.7AI score0.00326EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2022/12/28 12:0 a.m.•1 views

PT-2022-24819 · WordPress · Broken Link Checker

Name of the Vulnerable Software and Affected Versions: Broken Link Checker WordPress plugin versions prior to 1.11.20 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.8CVSS6AI score0.00326EPSS

Exploits2References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by