CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/01/16 4:15 p.m.•0 views

CVE-2023-6005

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2024/01/16 4:15 p.m.•9 views

CVE-2022-3829

The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

OSV•added 2024/01/16 4:15 p.m.•0 views

CVE-2023-0389

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.8CVSS5.8AI score0.00191EPSS

OSV•added 2024/01/16 4:15 p.m.•1 views

CVE-2022-3829

4.8CVSS5.8AI score0.00198EPSS

NVD•added 2024/01/16 4:15 p.m.•10 views

CVE-2022-3836

The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Prion•added 2024/01/16 4:15 p.m.•12 views

Cross site scripting

4.3CVSS5.9AI score0.00191EPSS

Prion•added 2024/01/16 4:15 p.m.•11 views

Cross site scripting

The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00198EPSS

Prion•added 2024/01/16 4:15 p.m.•13 views

Cross site scripting

4.3CVSS5.9AI score0.00198EPSS

Prion•added 2024/01/16 4:15 p.m.•11 views

Cross site scripting

4.3CVSS5.9AI score0.00171EPSS

Vulnrichment•added 2024/01/16 3:56 p.m.•21 views

CVE-2023-0389 Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

5.6AI score0.00191EPSS

Positive Technologies•added 2024/01/16 12:0 a.m.•1 views

PT-2024-11610 · WordPress · Font Awesome 4 Menus

Name of the Vulnerable Software and Affected Versions: Font Awesome 4 Menus WordPress plugin versions prior to 4.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.8CVSS4.6AI score0.00198EPSS

Exploits2References5

Positive Technologies•added 2024/01/16 12:0 a.m.•1 views

PT-2024-11922 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 1.1.151 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS5.3AI score0.00191EPSS

Exploits2References4

Prion•added 2024/01/15 4:15 p.m.•19 views

Cross site scripting

The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite set...

4.3CVSS5.8AI score0.00081EPSS

Prion•added 2024/01/15 4:15 p.m.•11 views

Cross site scripting

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00081EPSS

Vulnrichment•added 2024/01/15 3:10 p.m.•5 views

CVE-2023-6163 WP Crowdfunding < 2.1.10 - Admin+ Stored XSS

4.6AI score0.00081EPSS

Cvelist•added 2024/01/15 3:10 p.m.•18 views

CVE-2023-6163 WP Crowdfunding < 2.1.10 - Admin+ Stored XSS

5AI score0.00081EPSS

WPVulnDB•added 2024/01/10 12:0 a.m.•15 views

EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to the EventON Lite setting...

Exploits2Affected Software1

NVD•added 2024/01/08 7:15 p.m.•8 views

CVE-2023-5911

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...