CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

Vulnrichment•added 2022/11/28 1:47 p.m.•4 views

CVE-2022-3824 WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS

The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00166EPSS

Exploits2References1

Cvelist•added 2022/11/28 1:47 p.m.•11 views

CVE-2022-3828 Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00227EPSS

Exploits2References1

Vulnrichment•added 2022/11/28 1:47 p.m.•4 views

CVE-2022-3828 Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

4.9AI score0.00227EPSS

Exploits2References1

Cvelist•added 2022/11/28 1:47 p.m.•14 views

CVE-2022-3601 Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00218EPSS

Exploits2References1

OSV•added 2022/11/21 11:15 a.m.•1 views

CVE-2022-3762

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...

6.5CVSS5.9AI score

Exploits0References1

Prion•added 2022/11/21 11:15 a.m.•11 views

Code injection

4CVSS6.4AI score0.00807EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2022/11/21 12:0 a.m.•2 views

PT-2022-23246 · WordPress · Spacer

Name of the Vulnerable Software and Affected Versions: Spacer WordPress plugin versions prior to 3.0.7 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

4.8CVSS6.1AI score0.00218EPSS

Exploits2References5

Cvelist•added 2022/11/21 12:0 a.m.•13 views

CVE-2022-3762 Booster for WooCommerce - ShopManager+ Arbitrary File Download

6.7AI score0.00807EPSS

Exploits2References1

Cvelist•added 2022/11/21 12:0 a.m.•12 views

CVE-2022-3618 Spacer < 3.0.7 - Admin+ Stored XSS

The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

5.1AI score0.00218EPSS

Exploits2References1

AlpineLinux•added 2022/11/21 12:0 a.m.•1 views

CVE-2022-3618

4.8CVSS4AI score0.00218EPSS

Exploits2References1

WPVulnDB•added 2022/11/17 12:0 a.m.•17 views

Anthologize < 0.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its project parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00218EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/17 12:0 a.m.•20 views

Chameleon < 1.4.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2AI score0.00218EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/17 12:0 a.m.•20 views

News Announcement Scroll < 9.0.0 - Admin+ Stored XSS

4.8CVSS2.5AI score0.00314EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/16 12:0 a.m.•22 views

Image Hover Effects < 5.5 - Admin+ Stored XSS

4.8CVSS0.6AI score0.00288EPSS

Exploits2Affected Software1

NVD•added 2022/11/14 3:15 p.m.•11 views

CVE-2022-3631

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite...

4.8CVSS0.00218EPSS

Exploits2References1

OSV•added 2022/11/14 3:15 p.m.•1 views

CVE-2022-3631

4.8CVSS5.8AI score

Exploits0References1

OSV•added 2022/11/14 3:15 p.m.•0 views

CVE-2022-3469

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

Prion•added 2022/11/14 3:15 p.m.•13 views

Cross site scripting

4.3CVSS4.8AI score0.00218EPSS

Exploits2References1Affected Software1

Prion•added 2022/11/14 3:15 p.m.•15 views

Cross site scripting

4.3CVSS4.8AI score0.00357EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2022/11/14 12:0 a.m.•13 views

WordPress Countdown Widget < 3.1.9.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

2.3AI score

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by