CVE-2023-28415
The CVE-2023-28415 entry concerns the WordPress Side Cart Woocommerce (Ajax) plugin (Admin+ stored XSS). Affected versions are
CVE-2023-28692 WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions...
CVE-2023-34372
CVE-2023-34372 affects the Didier Sampaolo SpamReferrerBlock WordPress plugin (
CVE-2023-34004
CVE-2023-34004 affects the WordPress plugin WooCommerce Box Office, specifically versions up to and including 1.1.50. The vulnerability is a Stored Cross-Site Scripting (XSS) that can be triggered by authenticated users with contributor-level permissions. The issue is resolved in version 1.1.51 o...
CVE-2023-34187
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin = 0.1.0 versions...
CVE-2023-34172 WordPress WordPress Social Login Plugin <= 3.0.4 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions...
CVE-2023-27426
CVE-2023-27426 : WordPress NotifyVisitors Lead Form plugin (
CVE-2023-33929 WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions...
CVE-2023-25462
The CVE-2023-25462 vulnerability is a Stored XSS in the WP htaccess Control plugin (
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin = 1.6.45 versions...
CVE-2023-32962
CVE-2023-32962 affects HasTheme WishSuite – Wishlist for WooCommerce plugin (WordPress). The vulnerability is a Stored Cross-Site Scripting (XSS) that requires admin+ authentication. A fix exists: update to version higher than 1.3.4 (PatchStack lists 1.3.5 as the patched release). Public referenc...
CVE-2023-32962 WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions...
CVE-2023-32793
CVE-2023-32793 affects the WordPress WooCommerce Pre-Orders plugin 2.0.0, specifically 2.0.1 or later, to mitigate the issue. Monitor for updates from the plugin maintainers and security advisories for any additional context or indicators of active exploitation.
PT-2023-4750
Name of the Vulnerable Software and Affected Versions: Red Hat Ansible (affected versions not specified). Description: The issue is related to the lack of protection of the SQL query structure in Red Hat Ansible's configuration management system. Exploitation of this issue could allow a remote attacke...
HighPlus CMS 0.1.3 SQL Injection
Title: HighPlus CMS v0.1.3 Auth By pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit ...
CVE-2023-24394
CVE-2023-24394 is a stored XSS vulnerability in the WordPress plugin iframe-popup (Gopi Ramasamy) for versions
CVE-2023-25981 WordPress BuddyForms Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions...
CVE-2023-32577
CVE-2023-32577 – DevBuddy Twitter Feed (WordPress)
G And G Corporate CMS 1.0 SQL Injection
Title: G&G Corporate CMS v1.0 Auth by Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.232-bi...
Juniper Junos OS Pre-Auth RCE (JSA72300)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA72300 advisory. - A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX and SRX Series allows an unauthenticated, network-based attacker to...