CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3448 matches found

NVD•added 2022/10/03 2:15 p.m.•13 views

CVE-2022-2628

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00485EPSS

Exploits2References1

ATTACKERKB•added 2022/10/03 2:15 p.m.•2 views

CVE-2022-2628

4.8CVSS5.9AI score0.00485EPSS

Exploits2References2

UbuntuCve•added 2022/10/03 2:15 p.m.•16 views

CVE-2022-2628

4.8CVSS5.9AI score0.00485EPSS

Exploits2References2

Prion•added 2022/10/03 2:15 p.m.•18 views

Cross site scripting

4.3CVSS4.7AI score0.00485EPSS

Exploits2References1Affected Software1

OSV•added 2022/10/03 2:15 p.m.•0 views

UBUNTU-CVE-2022-2763

The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0049EPSS

Exploits2References3

OSV•added 2022/10/03 2:15 p.m.•1 views

UBUNTU-CVE-2022-3128

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0049EPSS

Exploits2References3

Prion•added 2022/10/03 2:15 p.m.•11 views

Cross site scripting

4.3CVSS4.7AI score0.0049EPSS

Exploits2References1Affected Software1

OSV•added 2022/10/03 2:15 p.m.•1 views

UBUNTU-CVE-2022-2628

4.8CVSS5.8AI score0.00485EPSS

Exploits2References3

Cvelist•added 2022/10/03 1:45 p.m.•15 views

CVE-2022-3128 Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

4.9AI score0.0049EPSS

Exploits2References1

Cvelist•added 2022/10/03 1:45 p.m.•11 views

CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

4.9AI score0.00485EPSS

Exploits2References1

WPVulnDB•added 2022/10/03 12:0 a.m.•14 views

WP Humans.txt <= 1.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Humans.txt...

4.8CVSS2AI score0.00641EPSS

Exploits2Affected Software1

Positive Technologies•added 2022/10/03 12:0 a.m.•1 views

PT-2022-18535 · WordPress · Wp Socializer

Name of the Vulnerable Software and Affected Versions: WP Socializer versions prior to 7.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a...

4.8CVSS4.6AI score0.0049EPSS

Exploits2References6

Positive Technologies•added 2022/10/03 12:0 a.m.•4 views

PT-2022-17763 · WordPress · Dsgvo All In One For Wp

Name of the Vulnerable Software and Affected Versions: DSGVO All in one for WP WordPress plugin versions prior to 4.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS4.6AI score0.00485EPSS

Exploits2References6

WPVulnDB•added 2022/09/29 12:0 a.m.•17 views

Accordions < 2.1.0 - Admin+ Stored XSS

4.8CVSS2.2AI score0.00218EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/09/29 12:0 a.m.•15 views

Analytics Cat < 1.1.0 - Admin+ Stored Cross-Site Scripting

4.8CVSS2.4AI score0.00314EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/09/27 12:0 a.m.•17 views

Advanced Ads < 1.32.0 - Admin+ Stored XSS

4.8CVSS2.1AI score0.00218EPSS

Exploits0Affected Software1

OSV•added 2022/09/26 1:15 p.m.•0 views

CVE-2022-3135

The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00304EPSS

Exploits2References1

OSV•added 2022/09/26 1:15 p.m.•1 views

CVE-2022-3076

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example...

7.2CVSS5.9AI score0.01072EPSS

Exploits2References1

NVD•added 2022/09/26 1:15 p.m.•11 views

CVE-2022-2352

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for example...

7.2CVSS0.01001EPSS

Exploits2References1

Prion•added 2022/09/26 1:15 p.m.•14 views

Server side request forgery (ssrf)

5.8CVSS6.8AI score0.01001EPSS

Exploits2References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by