CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

911 matches found

WPVulnDB•added 2023/04/19 12:0 a.m.•23 views

SparkPost <= 3.2.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00207EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/19 12:0 a.m.•18 views

Continuous announcement scroller <= 13.0 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00207EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/18 12:0 a.m.•13 views

Semalt Blocker <= 1.1.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00207EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/18 12:0 a.m.•19 views

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the "Enter the URL: field, add the XSS...

4.8CVSS7.4AI score0.01098EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/18 12:0 a.m.•18 views

ApexChat < 1.3.2 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00207EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/17 12:0 a.m.•12 views

WP Login Box <= 2.0.2 - Admin+ Stored XSS

4.8CVSS7.6AI score0.00207EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/14 12:0 a.m.•13 views

Electric Studio Client Login <= 0.8.1 - Admin+ Stored XSS

5.9CVSS5.5AI score0.00207EPSS

Exploits0Affected Software1

OSV•added 2023/04/10 2:15 p.m.•0 views

CVE-2023-1121

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score

Exploits0References1

Prion•added 2023/04/10 2:15 p.m.•14 views

Cross site scripting

The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.8AI score0.00207EPSS

Exploits2References1Affected Software1

Prion•added 2023/04/10 2:15 p.m.•11 views

Cross site scripting

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00207EPSS

Exploits2References1Affected Software1

Prion•added 2023/04/10 2:15 p.m.•9 views

Cross site scripting

The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00226EPSS

Exploits2References1Affected Software1

Prion•added 2023/04/10 2:15 p.m.•10 views

Cross site scripting

4.3CVSS4.7AI score0.00226EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/04/10 1:18 p.m.•11 views

CVE-2023-1121 Simple Giveaways < 2.45.1 - Admin+ Stored Cross-Site Scripting

5AI score0.00207EPSS

Exploits2References1

Cvelist•added 2023/04/10 1:18 p.m.•13 views

CVE-2023-0874 Klaviyo <= 3.0.10 - Admin+ Stored XSS

5AI score0.00207EPSS

Exploits2References1

Vulnrichment•added 2023/04/10 1:18 p.m.•8 views

CVE-2023-1120 Simple Giveaways < 2.45.1 - Admin+ Stored XSS

4.7AI score0.00226EPSS

Exploits2References1

Cvelist•added 2023/04/10 1:17 p.m.•14 views

CVE-2023-0893 Time Sheets < 1.29.3 - Admin+ Stored XSS

5AI score0.00226EPSS

Exploits2References1

Positive Technologies•added 2023/04/10 12:0 a.m.•2 views

PT-2023-16395 · WordPress · Auto Rename Media On Upload

Name of the Vulnerable Software and Affected Versions: Auto Rename Media On Upload WordPress plugin versions prior to 1.1.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, f...

4.8CVSS4.6AI score0.00207EPSS

Exploits1References4

WPVulnDB•added 2023/04/05 12:0 a.m.•19 views

Site Reviews < 6.7.1 - Admin+ Stored XSS

4.8CVSS8.7AI score0.00288EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/04 12:0 a.m.•12 views

Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS

4.8CVSS8.4AI score0.00207EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/03 12:0 a.m.•21 views

Product Enquiry for WooCommerce < 2.2.13 - Admin+ Stored XSS