CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2022/06/27 9:15 a.m.•3 views

CVE-2022-1029

4.8CVSS5.6AI score0.00185EPSS

Exploits2References3

OSV•added 2022/06/27 9:15 a.m.•0 views

CVE-2022-1010

The Login using WordPress Users WP as SAML IDP WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in...

OSV•added 2022/06/27 9:15 a.m.•1 views

CVE-2022-1029

NVD•added 2022/06/27 9:15 a.m.•7 views

CVE-2022-1095

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00308EPSS

ATTACKERKB•added 2022/06/27 9:15 a.m.•3 views

CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

4.8CVSS5.5AI score0.00206EPSS

Exploits2References2

ATTACKERKB•added 2022/06/27 9:15 a.m.•2 views

CVE-2022-1028

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml ...

4.8CVSS5.6AI score0.00393EPSS

Exploits2References2

OSV•added 2022/06/27 9:15 a.m.•0 views

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

ATTACKERKB•added 2022/06/27 9:15 a.m.•2 views

CVE-2022-1010

4.8CVSS5.5AI score0.00287EPSS

Exploits2References2

OSV•added 2022/06/27 9:15 a.m.•1 views

CVE-2022-1095

NVD•added 2022/06/27 9:15 a.m.•11 views

CVE-2022-1321

4.8CVSS0.00393EPSS

Prion•added 2022/06/27 9:15 a.m.•14 views

Cross site scripting

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup...

3.5CVSS4.9AI score0.00287EPSS

Prion•added 2022/06/27 9:15 a.m.•11 views

Cross site scripting

3.5CVSS4.9AI score0.00393EPSS

Cvelist•added 2022/06/27 8:59 a.m.•12 views

CVE-2022-1971 NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00206EPSS

Cvelist•added 2022/06/27 8:56 a.m.•13 views

CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

5.2AI score0.00185EPSS

WPVulnDB•added 2022/06/27 12:0 a.m.•19 views

Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Ignored Download...

4.8CVSS1.4AI score0.00201EPSS

WPVulnDB•added 2022/06/27 12:0 a.m.•16 views

W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add/edit a Dali Item and put the following payload in...

4.8CVSS2.2AI score0.00184EPSS

Positive Technologies•added 2022/06/27 12:0 a.m.•3 views

PT-2022-13602

Name of the Vulnerable Software and Affected Versions Limit Login Attempts WordPress plugin versions prior to 4.0.72 Description The issue allows malicious users with administrator privileges to store malicious Javascript code, leading to Cross-Site Scripting attacks when unfiltered html is...

4.8CVSS6.1AI score0.00185EPSS

Exploits2References4

WPVulnDB•added 2022/06/22 12:0 a.m.•24 views

Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a table, go to its settings,...

4.8CVSS0.8AI score0.00206EPSS

Exploits2Affected Software1

OSV•added 2022/06/20 11:15 a.m.•1 views

CVE-2022-1915

The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...