Lucene search

1360 matches found

WPVulnDB
added 2023/06/20 12:00 a.m., 25 views

WooCommerce Bulk Stock Management < 2.2.34 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. PoC: make a logged-in admin open the URL below...

CVSS 7.1 | AI score 8.4 | EPSS 0.00367
Exploits: 1, Affected software: 1
OSV
added 2023/06/19 11:15 a.m., 1 view

CVE-2023-2684

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

CVSS 4.8 | AI score 7.3 | EPSS 0.00442
Exploits: 2, References: 1
OSV
added 2023/06/19 11:15 a.m., 1 view

CVE-2023-2742

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.8 | EPSS 0.0047
Exploits: 2, References: 1
Prion
added 2023/06/19 11:15 a.m., 11 views

Cross site scripting

The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

CVSS 4.3 | AI score 4.7 | EPSS 0.0047
Exploits: 2, References: 1, Affected software: 1
Prion
added 2023/06/19 11:15 a.m., 21 views

Cross site scripting

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.3 | AI score 4.8 | EPSS 0.0047
Exploits: 2, References: 1, Affected software: 1
Cvelist
added 2023/06/19 10:52 a.m., 46 views

CVE-2023-2401 Qubotchat < 1.1.6 – Admin+ Stored XSS

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup)...

AI score 5 | EPSS 0.00442
Exploits: 2, References: 1
WPVulnDB
added 2023/06/19 12:00 a.m., 17 views

AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting

The plugin does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: 1. Visit WPBot Lite > Settings > Language Center. 2. Within any of the tabs "General", "FAQ", or "ChatBot...

CVSS 4.8 | AI score 5.3 | EPSS 0.00511
Exploits: 2, Affected software: 1
WPVulnDB
added 2023/06/19 12:00 a.m., 13 views

All In One Redirection < 2.2.0 - Admin+ SQLi

The plugin does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. PoC: when adding a redirection, sourceurlinsert is vulnerable with the payload: sourceurlinsert...

CVSS 7.2 | AI score 9.6 | EPSS 0.00831
Exploits: 2, Affected software: 1
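The pattern behind an "Admin+ SQLi" entry like the one above, as an added example that is not the advisory's PoC and not the All In One Redirection plugin's own code: a redirection handler that interpolates request values into SQL, beside the same handler rewritten on `$wpdb->insert()` / `$wpdb->prepare()`. The table name `{$wpdb->prefix}redirections`, the field names and the nonce action are assumptions. Note that `sanitize_text_field()` alone does not stop injection; only the parameterised query does.

```php
<?php
// Added example: hypothetical plugin code, not the plugin's source.
// Both handlers assume an authenticated admin; the fix is in the query, not the role.

// VULNERABLE: request values dropped straight into SQL. A source of
//   ' OR SLEEP(5)-- -
// rewrites the statement. "Only admins can reach it" is not a mitigation:
// the query runs with the full database user's rights.
function aior_add_redirection_vulnerable() {
    global $wpdb;
    $source = wp_unslash( $_POST['source_url'] ?? '' );
    $target = wp_unslash( $_POST['target_url'] ?? '' );
    $wpdb->query(
        "INSERT INTO {$wpdb->prefix}redirections (source_url, target_url) VALUES ('$source', '$target')"
    );
}

// HARDENED: capability check, nonce check, then a parameterised insert.
function aior_add_redirection_fixed() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'aior_add_redirection' ); // assumed nonce action name

    // Input normalisation for storage; this is NOT what prevents injection.
    $source = sanitize_text_field( wp_unslash( $_POST['source_url'] ?? '' ) );
    $target = esc_url_raw( wp_unslash( $_POST['target_url'] ?? '' ) );

    // $wpdb->insert() builds the statement with placeholders; '%s' binds each
    // value as a string, so quotes and comment sequences stay data.
    $inserted = $wpdb->insert(
        $wpdb->prefix . 'redirections',
        array( 'source_url' => $source, 'target_url' => $target ),
        array( '%s', '%s' )
    );
    if ( false === $inserted ) {
        wp_die( 'Could not save redirection' );
    }
}

// Same rule for reads: never interpolate, always $wpdb->prepare().
function aior_find_redirection( $source ) {
    global $wpdb;
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id, target_url FROM {$wpdb->prefix}redirections WHERE source_url = %s",
            $source
        )
    );
}
```

When reviewing a plugin for this class of bug, grep for `$wpdb->query(`, `$wpdb->get_results(` and `$wpdb->get_row(` whose argument is a double-quoted string containing `$`; each hit should either wrap `$wpdb->prepare()` or build its variable parts from constants only.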
WPVulnDB
added 2023/06/19 12:00 a.m., 10 views

URL Shortify < 1.7.0 - Admin+ Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). PoC: 1. Navigate to "URL Shortify > Settings > Links"...

CVSS 4.8 | AI score 5.4 | EPSS 0.00469
Exploits: 2, Affected software: 1
WPVulnDB
added 2023/06/19 12:00 a.m., 15 views

TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). PoC: 1. Go to "Settings" » "TinyMCE Custom Styles"...

CVSS 4.8 | AI score 5.4 | EPSS 0.00451
Exploits: 2, Affected software: 1
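Most of the WordPress entries on this page (File Renaming on Upload, AI ChatBot, Ultimate Dashboard, QuBot, URL Shortify, TinyMCE Custom Styles) describe one defect: a plugin setting stored without a sanitize callback and echoed without escaping, so an admin who is denied `unfiltered_html` (multisite, or `DISALLOW_UNFILTERED_HTML`) can still store script. The reflected case (WooCommerce Bulk Stock Management) is the same output-escaping failure on a request parameter. As an added example that is not any of those plugins' code: a hypothetical `demo_banner_text` option and `q` parameter, vulnerable form beside the hardened one. Option name, settings group and function names are assumptions.

```php
<?php
// Added example: hypothetical plugin, not code from any plugin listed above.

// VULNERABLE: no sanitize_callback on save, raw echo on output. A value such as
//   "><script>alert(document.cookie)</script>
// is stored as-is. On multisite, where unfiltered_html is reserved for super
// admins, this lets a site admin bypass that restriction (an "Admin+" finding).
function demo_register_setting_vulnerable() {
    register_setting( 'demo_options', 'demo_banner_text' );
}
function demo_render_field_vulnerable() {
    $value = get_option( 'demo_banner_text', '' );
    echo '<input type="text" name="demo_banner_text" value="' . $value . '">';
    echo '<p>' . $value . '</p>';
}

// HARDENED, step 1: sanitise on save, honouring the unfiltered_html capability.
// register_setting() runs this callback whenever the option is updated.
function demo_sanitize_banner_text( $raw ) {
    $raw = (string) $raw;
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $raw; // trusted to store markup, same as post content
    }
    // Everyone else gets post-safe HTML: wp_kses_post() strips <script>,
    // on* event handlers and javascript: URLs.
    return wp_kses_post( $raw );
}
function demo_register_setting_fixed() {
    register_setting(
        'demo_options',
        'demo_banner_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'demo_sanitize_banner_text',
            'default'           => '',
        )
    );
}

// HARDENED, step 2: escape on output for the exact context, regardless of
// what was stored. This also neutralises values saved before the fix shipped.
function demo_render_field_fixed() {
    $value = get_option( 'demo_banner_text', '' );
    // Attribute context: esc_attr() encodes the quote that would close value="".
    echo '<input type="text" name="demo_banner_text" value="' . esc_attr( $value ) . '">';
    // Element body where no markup is expected: esc_html().
    echo '<p>' . esc_html( $value ) . '</p>';
    // Element body where limited markup is intended: filter again at output.
    echo '<div class="banner">' . wp_kses_post( $value ) . '</div>';
}

// Reflected variant: a request parameter echoed back into the page.
// Same rule, escape for the output context; sanitize_text_field() alone is
// not an HTML escaper.
function demo_render_search_box() {
    $q = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    echo '<input type="search" name="q" value="' . esc_attr( $q ) . '">';
}

add_action( 'admin_init', 'demo_register_setting_fixed' );
```

The two steps are independent defences: the sanitize callback bounds what reaches the database, and context-specific escaping (`esc_attr()` in attributes, `esc_html()` in text, `esc_url()` in href/src, `wp_kses_post()` where markup is allowed) bounds what reaches the browser. Plugins in this list typically had neither.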
OSV
added 2023/06/15 9:30 p.m., 3 views

GHSA-4588-7X48-JRGJ Magento Open Source allows Server-Side Request Forgery (SSRF)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS 6.9 | AI score 5.1 | EPSS 0.00861
Exploits: 0, References: 3
Github Security Blog
added 2023/06/15 9:30 p.m., 9 views

Magento Open Source allows Improper Neutralization of Special Elements Used

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of...

CVSS 9.1 | AI score 7.6 | EPSS 0.01223
Exploits: 0, References: 3, Affected software: 2
Github Security Blog
added 2023/06/15 9:30 p.m., 7 views

Magento Open Source allows Server-Side Request Forgery (SSRF)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS 4.9 | AI score 7.1 | EPSS 0.00861
Exploits: 0, References: 3, Affected software: 2
OSV
added 2023/06/15 9:30 p.m., 3 views

GHSA-5F79-VHR4-VW2R Magento Open Source allows Server-Side Request Forgery (SSRF)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS 6.9 | AI score 5.1 | EPSS 0.00986
Exploits: 0, References: 3
NVD
added 2023/06/15 7:15 p.m., 15 views

CVE-2023-29297

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of...

CVSS 9.1 | AI score 9.3 | EPSS 0.01223
Exploits: 0, References: 1
OSV
added 2023/06/15 7:15 p.m., 21 views

CVE-2023-29297

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of...

CVSS 7.2 | AI score 7.6
Exploits: 0, References: 1
NVD
added 2023/06/15 7:15 p.m., 15 views

CVE-2023-29292

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS 4.9 | AI score 5.1 | EPSS 0.00861
Exploits: 0, References: 1
OSV
added 2023/06/15 7:15 p.m., 21 views

CVE-2023-29292

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS 4.9 | AI score 7.1
Exploits: 0, References: 1
NVD
added 2023/06/15 7:15 p.m., 16 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS 4.9 | AI score 5.1 | EPSS 0.00986
Exploits: 0, References: 1
OSV
added 2023/06/15 7:15 p.m., 20 views

CVE-2023-29291

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests v...

CVSS 4.9 | AI score 7.1
Exploits: 0, References: 1