8961 matches found

CNNVD
added 2023/01/09 12:0 a.m. · 3 views

WordPress Plugin Table of Contents Plus Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 · AI score 5.4 · EPSS 0.00575
Exploits: 2 · References: 2

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-14568 · WordPress · Wp-Table Reloaded

Name of the Vulnerable Software and Affected Versions: WP-Table Reloaded WordPress plugin versions 1.9.4 and earlier
Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as...

CVSS 5.4 · AI score 5.3 · EPSS 0.00471
Exploits: 2 · References: 5

Positive Technologies
added 2023/01/09 12:0 a.m. · 3 views

PT-2023-14529 · WordPress · Wp Recipe Maker

Name of the Vulnerable Software and Affected Versions: WP Recipe Maker versions prior to 8.6.1
Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin. This is due to the...

CVSS 5.4 · AI score 5.3 · EPSS 0.00534
Exploits: 2 · References: 5

Positive Technologies
added 2023/01/09 12:0 a.m. · 3 views

PT-2023-14572 · WordPress · Jetpack Crm

Name of the Vulnerable Software and Affected Versions: Jetpack CRM WordPress plugin versions prior to 5.5
Description: The issue concerns the Jetpack CRM WordPress plugin, where it fails to validate and escape certain shortcode attributes before outputting them, potentially leading to Stored...

CVSS 5.4 · AI score 5.3 · EPSS 0.00534
Exploits: 2 · References: 4

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-14554 · WordPress · Table Of Contents Plus

Name of the Vulnerable Software and Affected Versions: Table of Contents Plus WordPress plugin versions prior to 2212
Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could lead to Stored Cross-Site Scripting attacks. Users with a role as lo...

CVSS 5.4 · AI score 5.3 · EPSS 0.00575
Exploits: 2 · References: 4

wpexploit
added 2023/01/06 12:0 a.m. · 104 views

WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert1"'...

CVSS 5.4 · AI score 1.9 · EPSS 0.00484
Exploits: 2

WPVulnDB
added 2023/01/06 12:0 a.m. · 12 views

WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert1"'...

CVSS 5.4 · AI score 3.8 · EPSS 0.00484
Exploits: 2 · Affected Software: 1

wpexploit
added 2023/01/06 12:0 a.m. · 91 views

Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Exploit shortcode: wpspwrecentpostslider design='" onmouseover="alert1" style="background:red;"'...

CVSS 6.8 · AI score 1.6 · EPSS 0.00627
Exploits: 2

WPVulnDB
added 2023/01/06 12:0 a.m. · 13 views

Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC Exploit shortcode: wpspwrecentpostslider design='" onmouseover="alert1" style="background:red;"'...

CVSS 6.8 · AI score 3.3 · EPSS 0.00627
Exploits: 2 · Affected Software: 1

wpexploit
added 2023/01/06 12:0 a.m. · 107 views

News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...

CVSS 5.4 · AI score 1.7 · EPSS 0.00438
Exploits: 2

WPVulnDB
added 2023/01/06 12:0 a.m. · 19 views

News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...

CVSS 5.4 · AI score 3.7 · EPSS 0.00438
Exploits: 2 · Affected Software: 1

wpexploit
added 2023/01/06 12:0 a.m. · 94 views

Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 5.4 · AI score 0.3 · EPSS 0.00548
Exploits: 2

WPVulnDB
added 2023/01/06 12:0 a.m. · 17 views

Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

CVSS 5.4 · AI score 2.8 · EPSS 0.00471
Exploits: 2 · Affected Software: 1

wpexploit
added 2023/01/06 12:0 a.m. · 99 views

Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 5.4 · AI score 1.7 · EPSS 0.00471
Exploits: 2

wpexploit
added 2023/01/06 12:0 a.m. · 87 views

CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 5.4 · AI score 1.1 · EPSS 0.00534
Exploits: 2

WPVulnDB
added 2023/01/06 12:0 a.m. · 15 views

CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

CVSS 5.4 · AI score 2.7 · EPSS 0.00534
Exploits: 2 · Affected Software: 1

wpexploit
added 2023/01/05 12:0 a.m. · 90 views

CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

CVSS 5.4 · AI score 1 · EPSS 0.00534
Exploits: 2

WPVulnDB
added 2023/01/05 12:0 a.m. · 12 views

CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

CVSS 5.4 · AI score 1.6 · EPSS 0.00534
Exploits: 2 · Affected Software: 1

wpexploit
added 2023/01/05 12:0 a.m. · 74 views

Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 6.4 · AI score 1.6 · EPSS 0.00507
Exploits: 2

WPVulnDB
added 2023/01/05 12:0 a.m. · 17 views

Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

CVSS 6.4 · AI score 2.2 · EPSS 0.00507
Exploits: 2 · Affected Software: 1