
7 matches found

Cvelist
added 2024/12/14 6:45 a.m. | 12 views

CVE-2024-12628 bodi0’s Easy Cache <= 0.8 - Authenticated (Admin+) Stored Cross-Site Scripting

The bodi0s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 4.4 | EPSS 0.00216
Exploits: 0 | References: 3
WPVulnDB
added 2024/02/28 12:0 a.m. | 21 views

Events Manager < 6.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

CVSS 4.8 | AI score 5.9 | EPSS 0.00304
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2023/09/27 3:19 p.m. | 15 views

Cross site scripting

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible f...

CVSS 4.3 | AI score 4.8 | EPSS 0.00316
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2023/07/14 7:34 a.m. | 29 views

Race Condition

umbraco.cms.infrastructure and umbraco.cms.web.backoffice are vulnerable to a Race Condition. The vulnerability exists because under extreme conditions a remote unauthenticated attacker is able to acquire admin-level permissions via a restart...

CVSS 9.8 | AI score 7 | EPSS 0.00418
Exploits: 0 | References: 5 | Affected Software: 2
Prion
added 2023/07/13 2:15 p.m. | 16 views

Input validation

Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1...

CVSS 7.5 | AI score 9.2 | EPSS 0.00418
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2023/07/13 1:43 p.m. | 14 views

CVE-2023-37267 Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions

Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1...

CVSS 7.5 | AI score 8.9 | EPSS 0.00418
Exploits: 0 | References: 6
Prion
added 2023/06/09 6:16 a.m. | 9 views

Cross site scripting

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 3.2 | AI score 4.4 | EPSS 0.00156
Exploits: 0 | References: 3 | Affected Software: 1