CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3444 matches found

Patchstack•added 2022/02/28 12:0 a.m.•5 views

WordPress Multisite Robots.txt Manager plugin <= 3.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Multisite Robots.txt Manager plugin versions = 3.0.0. Solution No patched version available...

3.9AI score

Exploits0References2Affected Software1

wpexploit•added 2022/02/07 12:0 a.m.•100 views

Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmcccontenttype, wmccsourceblog and wmccrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-contenttype/' / alert/XSS-source/' / alert/XSS-record/' /...

6.1CVSS0.0021EPSS

Exploits2

WPVulnDB•added 2022/02/07 12:0 a.m.•24 views

Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC...

6.1CVSS0.7AI score0.0021EPSS

Exploits2Affected Software1

wpexploit•added 2022/02/07 12:0 a.m.•142 views

Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-sourceblog/' / alert/XSS-record/' /...

6.1CVSS0.0021EPSS

Exploits2

WPVulnDB•added 2022/02/03 12:0 a.m.•14 views

Ad Inserter < 2.7.11 - Admin+ RCE / Stored XSS

The plugin does not make any security checks regarding the PHP and JS code in blocks, allowing high privilege users such as admin to execute commands on the underlying OS as well as perform Stored Cross-Site Scripting attacks even in multisite blogs and hardened ones. PoC 1. Go to Settings - Ad...

6AI score

Exploits0Affected Software1

OSV•added 2022/01/18 5:15 p.m.•0 views

CVE-2022-0210

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...

4.8CVSS5.8AI score0.0059EPSS

Exploits1References3

OSV•added 2022/01/18 5:15 p.m.•2 views

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

4.8CVSS5.8AI score0.00432EPSS

Exploits1References3

Positive Technologies•added 2022/01/18 12:0 a.m.•2 views

PT-2022-13038 · WordPress · Random Banner

Name of the Vulnerable Software and Affected Versions: Random Banner WordPress plugin versions up to and including 4.1.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file. This allow...

4.8CVSS4.9AI score0.0059EPSS

Exploits1References6

OpenVAS•added 2022/01/11 12:0 a.m.•20 views

Discourse < 2.7.12 DoS Vulnerability

Discourse is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"...

6.8CVSS6.5AI score0.00297EPSS

Exploits1References1

OpenVAS•added 2022/01/11 12:0 a.m.•17 views

Discourse 2.8.x < 2.8.0.beta10 DoS Vulnerability

6.8CVSS6.5AI score0.00297EPSS

Exploits1References1

Tenable Nessus•added 2022/01/07 12:0 a.m.•11 views

WordPress 4.2.x < 4.2.31 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS vulnerability through post slugs. - An object injection vulnerability in some multisite installations. - A SQL injection vulnerability in...

7.2AI score

Exploits0References2

Tenable Nessus•added 2022/01/07 12:0 a.m.•82 views

WordPress 5.2.x < 5.2.14 Multiple Vulnerabilities

7.2AI score

Exploits0References2

Tenable Nessus•added 2022/01/07 12:0 a.m.•39 views

WordPress 4.5.x < 4.5.25 Multiple Vulnerabilities

7.2AI score

Exploits0References2

Tenable Nessus•added 2022/01/07 12:0 a.m.•32 views

WordPress 5.8.x < 5.8.3 Multiple Vulnerabilities

7.2AI score

Exploits0References2

Tenable Nessus•added 2022/01/07 12:0 a.m.•9 views

WordPress 4.6.x < 4.6.22 Multiple Vulnerabilities

7.2AI score

Exploits0References2

Tenable Nessus•added 2022/01/07 12:0 a.m.•15 views

WordPress 3.9.x < 3.9.35 Multiple Vulnerabilities

7.2AI score

Exploits0References2

OSV•added 2022/01/06 11:15 p.m.•2 views

DEBIAN-CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

7.2CVSS7.4AI score0.0031EPSS

Exploits1References1