
6613 matches found

CVE
added 2023/05/10 7:19 a.m. | 36 views

CVE-2023-23786

CVE-2023-23786 concerns the WordPress affiliate-toolkit plugin from Christof Servit, with a Stored XSS issue exploitable by users with Editor+ permissions in versions

CVSS 5.9 | AI score 5.2 | EPSS 0.00358
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/10 7:15 a.m. | 40 views

CVE-2023-23788

CVE-2023-23788 affects the WordPress plugin Custom More Link Complete by Florin Arjocu, versions

CVSS 5.9 | AI score 5 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/09 11:5 a.m. | 51 views

CVE-2023-23647

CVE-2023-23647 is a stored-XSS vulnerability in the WordPress plugin Team Member – Team with Slider (also listed as Team Showcase Supreme) for versions

CVSS 5.9 | AI score 5.2 | EPSS 0.00367
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/09 10:44 a.m. | 40 views

CVE-2023-24372

CVE-2023-24372 concerns a Stored XSS in WordPress plugin Simple Custom Author Profiles (<= 1.0.0). The initial entry specifies Admin+ authentication required and a stored cross-site scripting vulnerability in the plugin. Connected records corroborate the issue affecting the Simple Custom Autho...

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/09 10:40 a.m. | 50 views

CVE-2023-23734

The CVE-2023-23734 issue affects the WordPress plugin Userlike – WordPress Live Chat (David Voswinkel) versions ≤ 2.2. It is an authenticated Stored XSS vulnerability (admin+), caused by insufficient sanitization/escaping of settings, enabling an administrator to inject scripts executed by other ...

CVSS 5.9 | AI score 4.9 | EPSS 0.00392
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/09 10:29 a.m. | 41 views

CVE-2023-23732

CVE-2023-23732 concerns the Disqus Conditional Load WordPress plugin (11.0.6, with Patchstack noting low exploit likelihood. References corroborate XSS vector and affected version range and provide the patch status and guidance to update. Technical details beyond the basic vulnerability descripti...

CVSS 5.9 | AI score 5 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/05/09 10:15 a.m. | 13 views

Cross site scripting

Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in Rymera Web Co Wholesale Suite plugin = 2.1.5 versions...

CVSS 4.9 | AI score 5.2 | EPSS 0.00383
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/09 10:7 a.m. | 46 views

CVE-2023-23884

CVE-2023-23884 relates to the WordPress plugin Kanban Boards for WordPress (Kanban) where an authenticated admin can trigger a stored XSS in versions up to 2.5.20. The vulnerability is caused by inadequate input sanitization in the plugin’s Kanban feature, allowing an admin with privileges to inj...

CVSS 5.9 | AI score 5.1 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/09 10:1 a.m. | 55 views

CVE-2023-23883

CVE-2023-23883: WordPress WP Content Filter plugin versions ≤ 3.0.1 contain a stored XSS vulnerability that requires admin+ privileges. The root cause is a stored XSS in the plugin’s handling of content. Impact per sources includes potential user impact and low overall risk in public contexts. ...

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/09 9:58 a.m. | 36 views

CVE-2023-23664

CVE-2023-23664 describes a Stored XSS in the ConvertBox Auto Embed WordPress plugin (versions

CVSS 6.5 | AI score 5.3 | EPSS 0.00361
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2023/05/09 9:50 a.m. | 2 views

grafana: Escalation from admin to server admin when auth proxy is used

A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...

CVSS 6.6 | AI score 7.3 | EPSS 0.01267
Exploits: 0 | References: 5
Cvelist
added 2023/05/09 7:38 a.m. | 16 views

CVE-2023-23863 WordPress TreePress – Easy Family Trees & Ancestor Profiles Plugin <= 2.0.22 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions...

CVSS 5.9 | AI score 5.5 | EPSS 0.00369
Exploits: 0 | References: 1
OSV
added 2023/05/09 6:49 a.m. | 6 views

MAL-2023-114 Malicious code in auth-test-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb18aabc5749a94ac657ae109997f03bd170e42c876bd450cc0bf43ee32619cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2023/05/09 6:49 a.m. | 4 views

Malicious code in auth-test-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb18aabc5749a94ac657ae109997f03bd170e42c876bd450cc0bf43ee32619cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
CVE
added 2023/05/08 9:37 p.m. | 41 views

CVE-2023-24376

CVE-2023-24376 affects WP Simple Events (WordPress) ≤ 1.0. The vulnerability is an Auth. (admin+) Stored Cross-Site Scripting (XSS) in the plugin, with the exploitation described as a stored XSS condition requiring administrative privileges and user interaction. CVSS scores vary by source (NVD: 4...

CVSS 5.9 | AI score 4.9 | EPSS 0.00369
Exploits: 0 | References: 1 | Affected Software: 1
vulnersOsv
added 2023/05/08 6:30 p.m. | 10 views

@karmalicious/nodejs-drivers (>=2.0.0 <=8.0.0), azupck (>=1.1.72 <=1.4.4) +13 more potentially affected by CVE-2023-2583 via jsreport (>=1.10.0 <=2.11.0)

jsreport NPM version =1.10.0, =2.0.0, =1.1.72, =1.0.28, =1.8.1, =1.0.1, =0.0.1, =1.0.0, =1.0.80, =1.1.36, =2.14.0, =2.30.0 Source cves: CVE-2023-2583 Source advisory: OSV:GHSA-G7RJ-Q722-245G...

CVSS 10 | AI score 7.2 | EPSS 0.01128
Exploits: 1
Vulnrichment
added 2023/05/08 4:28 p.m. | 13 views

CVE-2023-1979 Auth bypass in Web Stories for WordPress plugin

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability ...

CVSS 4.9 | AI score 6.6 | EPSS 0.00442
Exploits: 0 | References: 2
Prion
added 2023/05/08 3:15 p.m. | 9 views

Cross site scripting

Auth subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Macho Themes NewsMag theme = 2.4.4 versions...

CVSS 4.9 | AI score 5.3 | EPSS 0.0037
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/05/08 3:15 p.m. | 18 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...

CVSS 4.9 | AI score 5.2 | EPSS 0.00387
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/05/08 2:36 p.m. | 47 views

CVE-2023-24408

CVE-2023-24408 affects the Ecwid Ecommerce Shopping Cart WordPress plugin, where a Stored XSS vulnerability can be triggered in versions

CVSS 6.5 | AI score 5.3 | EPSS 0.00387
Exploits: 0 | References: 1 | Affected Software: 1