CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

WPVulnDB•added 2022/12/22 12:0 a.m.•35 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

5.4CVSS1.8AI score0.00471EPSS

wpexploit•added 2022/12/22 12:0 a.m.•106 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. Exploit shortcode: icon name='circle-exclamation'...

5.4CVSS1.2AI score0.00471EPSS

WPVulnDB•added 2022/12/22 12:0 a.m.•18 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

5.4CVSS2.5AI score0.00471EPSS

WPVulnDB•added 2022/12/21 12:0 a.m.•19 views

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

5.4CVSS1.5AI score0.00471EPSS

WPVulnDB•added 2022/12/21 12:0 a.m.•22 views

Click to Chat < 3.18.1 - Contributor+ Stored XSS

5.4CVSS1.4AI score0.00534EPSS

WPVulnDB•added 2022/12/21 12:0 a.m.•14 views

Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Install WooCommerce and add a product...

5.4CVSS3.3AI score0.00471EPSS

WPVulnDB•added 2022/12/21 12:0 a.m.•18 views

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

5.4CVSS3.1AI score0.00477EPSS

wpexploit•added 2022/12/21 12:0 a.m.•97 views

Click to Chat < 3.18.1 - Contributor+ Stored XSS

5.4CVSS0.7AI score0.00534EPSS

wpexploit•added 2022/12/21 12:0 a.m.•91 views

Simple Membership < 4.2.2 - Contributor+ Stored XSS

5.4CVSS0.3AI score0.00534EPSS

wpexploit•added 2022/12/21 12:0 a.m.•371 views

Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

5.4CVSS0.7AI score0.00471EPSS

WPVulnDB•added 2022/12/20 12:0 a.m.•19 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack PoC Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS3.7AI score0.00555EPSS

wpexploit•added 2022/12/20 12:0 a.m.•118 views

Download Manager < 3.2.62 - Contributor+ Stored XSS

5.4CVSS0.2AI score0.00575EPSS

WPVulnDB•added 2022/12/20 12:0 a.m.•18 views

WOOCS < 1.3.9.3 - Contributor+ Stored XSS

5.4CVSS1.7AI score0.00503EPSS

Exploits3Affected Software1

wpexploit•added 2022/12/20 12:0 a.m.•122 views

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack Exploit shortcode: ive t='2100-01-01' id='" onmouseover="alert1" style="background:red;"'...

5.4CVSS2AI score0.00555EPSS

OSV•added 2022/12/19 2:15 p.m.•2 views

CVE-2022-3984

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2022/12/19 2:15 p.m.•2 views

CVE-2022-3985

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2022/12/19 2:15 p.m.•3 views

CVE-2022-3983

The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2022/12/19 2:15 p.m.•3 views

CVE-2022-3987

The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2022/12/19 2:15 p.m.•2 views

CVE-2022-3986

The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...