CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1059 matches found

Vulnrichment•added 2022/11/03 7:22 p.m.•6 views

CVE-2022-36428 WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. admin+ Cross-Site Scripting XSS vulnerability in Stage Rock Convert plugin = 2.11.0 on WordPress...

4.8CVSS4.9AI score0.00218EPSS

Exploits0References2

Cvelist•added 2022/11/03 7:22 p.m.•15 views

CVE-2022-36428 WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. admin+ Cross-Site Scripting XSS vulnerability in Stage Rock Convert plugin = 2.11.0 on WordPress...

4.8CVSS5.2AI score0.00218EPSS

Exploits0References2

CVE•added 2022/11/03 7:22 p.m.•59 views

CVE-2022-36428

CVE-2022-36428 is a WordPress vulnerability in the Stage Rock Convert plugin (versions

4.8CVSS4.9AI score0.00218EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2022/11/03 12:0 a.m.•2 views

PT-2022-23364 · Unknown · Stage Rock Convert

Name of the Vulnerable Software and Affected Versions: Stage Rock Convert plugin versions prior to 2.11.0 Description: A Cross-Site Scripting XSS issue exists, allowing authentication bypass for admin+ users. Recommendations: For versions prior to 2.11.0, update to version 2.11.0 or later to...

4.8CVSS5.1AI score0.00218EPSS

Exploits0References5

CNNVD•added 2022/11/03 12:0 a.m.•1 views

WordPress plugin Stage Rock Convert 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.8CVSS4.9AI score0.00218EPSS

Exploits0References3

OSV•added 2022/10/31 4:15 p.m.•2 views

CVE-2022-3440

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00331EPSS

Exploits2References1

NVD•added 2022/10/31 4:15 p.m.•9 views

CVE-2022-3440

6.1CVSS0.00331EPSS

Exploits2References1

OSV•added 2022/10/31 4:15 p.m.•2 views

CVE-2022-3441

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2022/10/31 4:15 p.m.•13 views

CVE-2022-3441

4.8CVSS0.00344EPSS

Exploits2References1

Prion•added 2022/10/31 4:15 p.m.•11 views

Cross site scripting

4.3CVSS4.7AI score0.00344EPSS

Exploits2References1Affected Software1

CVE•added 2022/10/31 12:0 a.m.•55 views

CVE-2022-3440

CVE-2022-3440 affects the Rock Convert WordPress plugin prior to 2.11.0. The vulnerability arises because the plugin does not sanitize or escape a URL before outputting it into an attribute when a specific widget is present on a page, which enables Reflected Cross-Site Scripting. Affected product...

6.1CVSS6AI score0.00331EPSS

Exploits2References1Affected Software1

CVE•added 2022/10/31 12:0 a.m.•58 views

CVE-2022-3441

The CVE-2022-3441 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in the Rock Convert WordPress plugin prior to version 2.11.0. The issue arises because the plugin does not sanitise/escape certain settings, enabling high-privilege users (e.g., admins) to perform XSS even when un...

4.8CVSS4.7AI score0.00344EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2022/10/31 12:0 a.m.•3 views

PT-2022-22159 · WordPress · The Rock Convert

Name of the Vulnerable Software and Affected Versions: The Rock Convert WordPress plugin versions prior to 2.11.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs when a specific widget is present on a page and an URL is not properly sanitised and escaped...

6.1CVSS6AI score0.00331EPSS

Exploits2References5

Vulnrichment•added 2022/10/31 12:0 a.m.•4 views

CVE-2022-3441 Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

5.6AI score0.00344EPSS

Exploits2References1

CNNVD•added 2022/10/31 12:0 a.m.•1 views

WordPress plugin Rock Convert 跨站脚本漏洞

6.1CVSS5.9AI score0.00331EPSS

Exploits2References2

CNNVD•added 2022/10/31 12:0 a.m.•2 views

WordPress plugin Rock Convert 跨站脚本漏洞

4.8CVSS4.9AI score0.00344EPSS

Exploits2References2

Positive Technologies•added 2022/10/31 12:0 a.m.•2 views

PT-2022-22160 · WordPress · The Rock Convert

Name of the Vulnerable Software and Affected Versions: The Rock Convert WordPress plugin versions prior to 2.11.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised a...

4.8CVSS4.5AI score0.00344EPSS

Exploits2References5

Vulnrichment•added 2022/10/31 12:0 a.m.•4 views

CVE-2022-3440 Rock Convert < 2.6.0 - Reflected Cross-Site Scripting

6AI score0.00331EPSS

Exploits2References1

Cvelist•added 2022/10/31 12:0 a.m.•26 views

CVE-2022-3441 Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

5AI score0.00344EPSS

Exploits2References1

Patchstack•added 2022/10/13 12:0 a.m.•22 views

WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability

Auth. Cross-Site Scripting XSS vulnerability was discovered by Mika Patchstack Alliance in the WordPress Rock Convert plugin versions = 2.11.0. Solution Update the WordPress Rock Convert plugin to the latest available version at least 3.0.0...

4.8CVSS2.9AI score0.00218EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by