
250 matches found

Patchstack
added 2024/03/25 12:0 a.m. | 10 views

WordPress Church Admin Plugin <= 4.0.26 is vulnerable to Cross Site Scripting (XSS)

Software: Church Admin; Type: Plugin; Vulnerable versions: <= 4.0.26; Fixed in: 4.0.27; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30197; Patch priority: Low; CVSS severity: Low 6.5; Developer: Andy Moyle; PSID: a171cb3adf3a; Credits: LVT-tholv2k; Required privilege: Contributor...

CVSS 6.5 | AI score 6.9 | EPSS 0.00177
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/11/13 2:32 a.m. | 11 views

CVE-2023-38515 WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56...

CVSS 5.5 | AI score 6.9 | EPSS 0.00148
Exploits: 0 | References: 1

NVD
added 2023/11/12 10:15 p.m. | 7 views

CVE-2023-28618

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin = 1.16 versions...

CVSS 8.8 | EPSS 0.00051
Exploits: 0 | References: 1

ATTACKERKB
added 2023/10/03 9:15 p.m. | 1 views

CVE-2023-44974

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 9.8 | AI score 7.6 | EPSS 0.14303
Exploits: 1 | References: 2

CNNVD
added 2023/10/03 12:0 a.m. | 1 views

emlog code issue vulnerability

emlog is a lightweight blog and CMS builder based on PHP and MySQL. An arbitrary file upload vulnerability exists in emlog pro /admin/plugin.php, which can be exploited by a remote attacker to submit a special request that can upload a malicious file to execute arbitrary code in the application...

CVSS 9.8 | AI score 7.9 | EPSS 0.14303
Exploits: 1 | References: 2

CNNVD
added 2023/08/28 12:0 a.m. | 2 views

PerfreeBlog code issue vulnerability

PerfreeBlog is a java-based blog/CMS builder. A security vulnerability exists in Perfree PerfreeBlog version v.3.1.2, which originates from a vulnerability that allows remote attackers to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list...

CVSS 7.2 | AI score 7.6 | EPSS 0.0204
Exploits: 1 | References: 2

Cvelist
added 2023/08/28 12:0 a.m. | 11 views

CVE-2023-40825

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...

AI score 7.4 | EPSS 0.0204
Exploits: 1 | References: 1

Positive Technologies
added 2023/08/28 12:0 a.m. | 2 views

PT-2023-27655 · Perfree · Perfreeblog

Name of the Vulnerable Software and Affected Versions: Perfree PerfreeBlog version 3.1.2 Description: An issue in Perfree PerfreeBlog allows a remote attacker to execute arbitrary code via a crafted plugin listed in "admin/plugin/access/list". Recommendations: For Perfree PerfreeBlog version 3.1....

CVSS 7.2 | AI score 7.5 | EPSS 0.0204
Exploits: 1 | References: 8

OSV
added 2023/08/16 10:15 a.m. | 0 views

CVE-2023-30782

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions...

CVSS 6.1 | AI score 7.3
Exploits: 0 | References: 1

Prion
added 2023/08/16 10:15 a.m. | 15 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions...

CVSS 5.8 | AI score 6 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/08/16 9:43 a.m. | 15 views

CVE-2023-30782 WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 1

CVE
added 2023/08/16 9:43 a.m. | 23 views

CVE-2023-30782

CVE-2023-30782 is a reported unauthenticated, reflected XSS vulnerability in the WordPress plugin Church Admin (Andy Moyle) up to version 3.7.5. Patchstack lists a fixed version of 3.7.6. The vulnerability affects unauthenticated users and is categorized as a reflected XSS (CVSS 7.1 per Patchstac...

CVSS 7.1 | AI score 6 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/07/26 12:0 a.m. | 6 views

WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF)

Software: Church Admin; Type: Plugin; Vulnerable versions: <= 3.7.56; Fixed in: 3.8.0; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-38515; Patch priority: Low; CVSS severity: Low 5.5; Developer: Andy Moyle; PSID: 208cb17a34bd; Credits: Yuchen Ji...

CVSS 5.5 | AI score 6.6 | EPSS 0.00148
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. | 6 views

WordPress WP Dev Powers – Display Screen Dimensions to Admin Plugin Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Dev Powers – Display Screen Dimensions to Admin Plugin; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: f38bbbbde0ec...

AI score 6.4 | EPSS 0.00209
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/06/23 12:15 p.m. | 2 views

CVE-2023-34021

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions...

CVSS 6.1 | AI score 7.3
Exploits: 0 | References: 1

Prion
added 2023/06/23 12:15 p.m. | 14 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions...

CVSS 5.8 | AI score 6 | EPSS 0.00105
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/06/23 11:31 a.m. | 14 views

CVE-2023-34021 WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions...

CVSS 7.1 | AI score 5.8 | EPSS 0.00105
Exploits: 0 | References: 1

Cvelist
added 2023/06/23 11:31 a.m. | 14 views

CVE-2023-34021 WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions...

CVSS 7.1 | AI score 6.3 | EPSS 0.00105
Exploits: 0 | References: 1

wpexploit
added 2023/06/19 12:0 a.m. | 1062 views

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description: The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. In the plugin's "Quick Start" field, add the...

CVSS 4.8 | AI score 4.8 | EPSS 0.00101
Exploits: 2

Patchstack
added 2023/06/13 12:0 a.m. | 11 views

WordPress Church Admin Plugin <= 3.7.29 is vulnerable to Cross Site Scripting (XSS)

Software: Church Admin; Type: Plugin; Vulnerable versions: <= 3.7.29; Fixed in: 3.7.30; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-34021; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Andy Moyle; PSID: 57d5d23230bd; Credits: Phd; Required privilege...

CVSS 7.1 | AI score 5.6 | EPSS 0.00105
Exploits: 0 | References: 2 | Affected Software: 1