CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

911 matches found

WPVulnDB•added 2023/05/22 12:0 a.m.•13 views

MailChimp Subscribe Forms < 4.0.9.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

5.9CVSS6.6AI score0.00207EPSS

Exploits0References2Affected Software1

OSV•added 2023/05/16 9:15 a.m.•0 views

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

7.2CVSS7.1AI score

Exploits0References2

NVD•added 2023/05/16 9:15 a.m.•8 views

CVE-2023-2548

7.2CVSS6.4AI score0.0054EPSS

Exploits0References2

Prion•added 2023/05/16 9:15 a.m.•15 views

Authorization

5.8CVSS6.7AI score0.0054EPSS

Exploits0References2Affected Software1

OSV•added 2023/05/15 1:15 p.m.•1 views

CVE-2023-1839

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS6.6AI score0.00328EPSS

Exploits2References1

NVD•added 2023/05/15 1:15 p.m.•10 views

CVE-2023-0892

The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00326EPSS

Exploits2References1

NVD•added 2023/05/15 1:15 p.m.•9 views

CVE-2023-2009

Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.8AI score0.01098EPSS

Exploits2References1

OSV•added 2023/05/15 1:15 p.m.•1 views

CVE-2023-0892

4.8CVSS6.6AI score

Exploits0References1

Cvelist•added 2023/05/15 12:15 p.m.•13 views

CVE-2023-1839 Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

5AI score0.00328EPSS

Exploits2References1

Vulnrichment•added 2023/05/15 12:15 p.m.•6 views

CVE-2023-2009 Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

5.7AI score0.01098EPSS

Exploits2References1

Cvelist•added 2023/05/15 12:15 p.m.•13 views

CVE-2023-0892 BizLibrary <= 1.1 - Admin+ Stored XSS

5AI score0.00326EPSS

Exploits2References1

WPVulnDB•added 2023/05/15 12:0 a.m.•15 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the payload below in any of the "Challenge...

4.8CVSS8.2AI score0.00113EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/05/12 12:0 a.m.•12 views

DBargain <= 3.0.0 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00067EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/05/12 12:0 a.m.•17 views

Get Your Number <= 1.1.3 - Admin+ Stored XSS

4.8CVSS8.2AI score0.00432EPSS

Exploits2Affected Software1

OSV•added 2023/05/08 2:15 p.m.•0 views

CVE-2023-0894

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS6.6AI score

Exploits0References1

Prion•added 2023/05/08 2:15 p.m.•9 views

Cross site scripting

4.3CVSS4.7AI score0.00207EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/05/08 1:58 p.m.•15 views

CVE-2023-1649 ChatBot < 4.5.1 - Admin+ Stored XSS

The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00226EPSS

Exploits2References1

Vulnrichment•added 2023/05/08 1:58 p.m.•5 views

CVE-2023-0894 Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

4.7AI score0.00207EPSS

Exploits2References1

NVD•added 2023/05/02 8:15 a.m.•13 views

CVE-2023-1614

The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00415EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•0 views

CVE-2023-1554

The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by