CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8961 matches found

wpexploit•added 2022/12/22 12:0 a.m.•112 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. 1. As an administrator, creat...

6.1CVSS0.6AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/22 12:0 a.m.•26 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

6.1CVSS2AI score0.00534EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/22 12:0 a.m.•105 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. Exploit shortcode: icon name='circle-exclamation'...

5.4CVSS1.2AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/22 12:0 a.m.•17 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

5.4CVSS2.5AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/22 12:0 a.m.•75 views

Real Testimonials < 2.6.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.1AI score0.00471EPSS

Exploits2

wpexploit•added 2022/12/22 12:0 a.m.•79 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

5.4CVSS0.3AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/22 12:0 a.m.•35 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

5.4CVSS1.8AI score0.00471EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/21 12:0 a.m.•19 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

5.4CVSS1.5AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/21 12:0 a.m.•94 views

Click to Chat < 3.18.1 - Contributor+ Stored XSS

5.4CVSS0.7AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/21 12:0 a.m.•22 views

Click to Chat < 3.18.1 - Contributor+ Stored XSS

5.4CVSS1.4AI score0.00534EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/21 12:0 a.m.•90 views

Simple Membership < 4.2.2 - Contributor+ Stored XSS

5.4CVSS0.3AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/21 12:0 a.m.•14 views

Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Install WooCommerce and add a product...

5.4CVSS3.3AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/21 12:0 a.m.•367 views

Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

5.4CVSS0.7AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/21 12:0 a.m.•17 views

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

5.4CVSS3.1AI score0.00477EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/20 12:0 a.m.•19 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack PoC Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS3.7AI score0.00555EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/20 12:0 a.m.•121 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS2AI score0.00555EPSS

Exploits2

wpexploit•added 2022/12/20 12:0 a.m.•116 views

Download Manager < 3.2.62 - Contributor+ Stored XSS

5.4CVSS0.2AI score0.00575EPSS

Exploits2

WPVulnDB•added 2022/12/20 12:0 a.m.•18 views

WOOCS < 1.3.9.3 - Contributor+ Stored XSS

5.4CVSS1.7AI score0.00503EPSS

Exploits3Affected Software1

OSV•added 2022/12/19 2:15 p.m.•2 views

CVE-2022-3984

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00471EPSS

Exploits2References1

OSV•added 2022/12/19 2:15 p.m.•2 views

CVE-2022-3985

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00471EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by