CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8961 matches found

WPVulnDB•added 2023/01/11 12:0 a.m.•31 views

Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC email name='" onmouseover="alert1"...

5.4CVSS2.6AI score0.00649EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/01/10 12:0 a.m.•15 views

Strong Testimonials < 3.0.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS3.2AI score0.00649EPSS

Exploits2Affected Software1

wpexploit•added 2023/01/10 12:0 a.m.•81 views

Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

5.4CVSS0.6AI score0.00573EPSS

Exploits2

WPVulnDB•added 2023/01/10 12:0 a.m.•20 views

Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

5.4CVSS1.5AI score0.00573EPSS

Exploits2Affected Software1

wpexploit•added 2023/01/10 12:0 a.m.•129 views

PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode

5.4CVSS0.6AI score0.00649EPSS

Exploits2

WPVulnDB•added 2023/01/10 12:0 a.m.•26 views

PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode

5.4CVSS1.7AI score0.00649EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/01/10 12:0 a.m.•19 views

Easy Testimonials < 3.9.3 - Contributor+ Stored XSS

5.4CVSS2.8AI score0.00649EPSS

Exploits2Affected Software1

wpexploit•added 2023/01/10 12:0 a.m.•134 views

WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode

5.4CVSS1.6AI score0.00573EPSS

Exploits2

WPVulnDB•added 2023/01/10 12:0 a.m.•19 views

WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode

5.4CVSS3.4AI score0.00573EPSS

Exploits2Affected Software1

wpexploit•added 2023/01/10 12:0 a.m.•167 views

Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Add an event in the plugin with a city meta as: " onmouseover="alert1" 2. On a n...

5.4CVSS0.3AI score0.00477EPSS

Exploits2

wpexploit•added 2023/01/10 12:0 a.m.•175 views

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

5.4CVSS2.8AI score0.00562EPSS

Exploits2

WPVulnDB•added 2023/01/10 12:0 a.m.•48 views

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

5.4CVSS3.6AI score0.00562EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/01/10 12:0 a.m.•22 views

Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode

5.4CVSS2.5AI score0.00685EPSS

Exploits2Affected Software1

wpexploit•added 2023/01/10 12:0 a.m.•105 views

Strong Testimonials < 3.0.3 - Contributor+ Stored XSS via Shortcode

5.4CVSS2.2AI score0.00649EPSS

Exploits2

wpexploit•added 2023/01/10 12:0 a.m.•144 views

Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode

5.4CVSS1.5AI score0.00685EPSS

Exploits2

OSV•added 2023/01/09 11:15 p.m.•1 views

CVE-2022-4468

The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/09 11:15 p.m.•2 views

CVE-2022-4497

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.8AI score0.00534EPSS

Exploits2References1

OSV•added 2023/01/09 11:15 p.m.•1 views

CVE-2022-4491

The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/09 11:15 p.m.•2 views

CVE-2022-4479

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00575EPSS

Exploits2References1

CNNVD•added 2023/01/09 12:0 a.m.•3 views

WordPress Plugin Jetpack CRM 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS5.5AI score0.00534EPSS

Exploits2References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by