Lucene search
K

6611 matches found

CVE
CVE
added 2023/04/06 8:9 a.m.53 views

CVE-2023-24003

CVE-2023-24003 affects the WP Popups WordPress plugin, specifically versions

6.5CVSS5.2AI score0.00393EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/04/06 8:4 a.m.18 views

CVE-2023-24002 WordPress YouTube Embed, Playlist and Popup by WpDevArt Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin = 2.6.3 versions...

5.9CVSS5.5AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2023/04/06 8:4 a.m.46 views

CVE-2023-24002

CVE-2023-24002 affects the WordPress plugin YouTube Embed, Playlist and Popup by WpDevArt, specifically versions up to 2.6.3. The vulnerability is an authenticated (admin+) Stored XSS in the plugin. Root cause details are not expanded beyond the description, but the issue is mitigated by upgradin...

5.9CVSS5AI score0.00392EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/06 7:55 a.m.40 views

CVE-2023-24006

The CVE-2023-24006 entry affects the WordPress plugin Link Software LLC WP Terms Popup, vulnerable in versions

5.9CVSS5AI score0.00392EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/06 7:42 a.m.14 views

CVE-2023-23998 WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin = 1.3.0 versions...

5.9CVSS5.6AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/06 7:42 a.m.19 views

CVE-2023-23998 WordPress VikRentCar Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin = 1.3.0 versions...

5.9CVSS5.5AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2023/04/06 7:39 a.m.35 views

CVE-2023-23980

MailOptin Popup Builder WordPress plugin

5.9CVSS4.9AI score0.00392EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/06 5:50 a.m.36 views

CVE-2023-23972

CVE-2023-23972 concerns the WordPress plugin “Social Like Box and Page by WpDevArt” (Smplug-in) up to version 0.8.39. The issue is a stored XSS vulnerability that requires admin+ privileges to exploit. The underlying cause is improper sanitization/escaping in the plugin’s inputs, enabling a high-...

5.9CVSS4.9AI score0.00392EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/06 4:58 a.m.44 views

CVE-2023-23815

CVE-2023-23815 affects the WordPress plugin WordPress Multi-column Tag Map (Alan Jackson) versions

6.5CVSS5.3AI score0.00386EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.250 views

POLR URL 2.3.0 - Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

9.3CVSS9.4AI score0.07164EPSS
Exploits3
CVE
CVE
added 2023/04/05 7:35 a.m.58 views

CVE-2023-26536

CVE-2023-26536 affects the WordPress plugin “Jonk @ Follow me Darling Sptify Play Button for WordPress” (Sp tify Play Button) up to version 2.05. The issue is an authenticated stored XSS via shortcode attributes (contributor+ required) that can output malicious scripts. Patch available in version...

6.5CVSS5.5AI score0.0037EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2023/04/05 12:0 a.m.6 views

ILIAS < 7.19 Multiple Vulnerabilities

ILIAS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if description...

7.3AI score
Exploits0References1
Cvelist
Cvelist
added 2023/04/04 12:56 p.m.23 views

CVE-2023-23977 WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin = 1.6.1 versions...

6.5CVSS6AI score0.00383EPSS
Exploits0References1
CVE
CVE
added 2023/04/04 11:26 a.m.34 views

CVE-2023-23686

CVE-2023-23686 affects WordPress Simple Staff List plugin versions

6.5CVSS5.3AI score0.00393EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/04 11:5 a.m.55 views

CVE-2023-23685

RadiusTheme Portfolio – WordPress Portfolio plugin versions ≤ 2.8.10 are affected by a Stored Cross-Site Scripting (XSS) vulnerability requiring contributor+ authentication. The root cause is an XSS flaw in the plugin’s handling of data stored in the vulnerable path. Impact is XSS in authenticate...

6.5CVSS5.3AI score0.00361EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/04/04 10:15 a.m.29 views

CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...

7.2CVSS7.4AI score0.01819EPSS
Exploits0References1
NVD
NVD
added 2023/04/04 10:15 a.m.23 views

CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...

9.8CVSS9.8AI score0.99999EPSS
Exploits10References3
Prion
Prion
added 2023/04/04 10:15 a.m.23 views

Command injection

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code...

7.5CVSS9.7AI score0.99999EPSS
Exploits10References2Affected Software1
CVE
CVE
added 2023/04/04 12:0 a.m.56 views

CVE-2022-4934

Sophos Web Appliance is affected by CVE-2022-4934. A post-auth command injection vulnerability resides in the exception wizard of Sophos Web Appliance versions prior to 4.3.10.4, allowing an administrator to execute arbitrary commands. The underlying issue is described in PT-2023-2216 as a failur...

7.2CVSS7.4AI score0.01819EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/04/04 12:0 a.m.38 views

CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS7.8AI score0.99999EPSS
In wildExploits10References4
Rows per page
Query Builder