CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2022/11/28 2:15 p.m.•9 views

Cross site scripting

The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00438EPSS

Vulnrichment•added 2022/11/28 1:47 p.m.•5 views

CVE-2022-3833 Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

5.6AI score0.00218EPSS

Vulnrichment•added 2022/11/28 1:47 p.m.•4 views

CVE-2022-3824 WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS

The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00166EPSS

Vulnrichment•added 2022/11/28 1:47 p.m.•4 views

CVE-2022-3828 Video Thumbnails <= 2.12.3 - Admin+ Stored XSS

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00227EPSS

Positive Technologies•added 2022/11/21 12:0 a.m.•1 views

PT-2022-23246 · WordPress · Spacer

Name of the Vulnerable Software and Affected Versions: Spacer WordPress plugin versions prior to 3.0.7 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

4.8CVSS6.1AI score0.00218EPSS

Exploits2References5

WPVulnDB•added 2022/11/16 12:0 a.m.•22 views

Image Hover Effects < 5.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Go to the plugin settings Image Hover Effects...

4.8CVSS0.6AI score0.00288EPSS

OSV•added 2022/11/14 3:15 p.m.•0 views

CVE-2022-3631

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite...

4.8CVSS5.8AI score

Exploits0References1

Prion•added 2022/11/14 3:15 p.m.•12 views

Cross site scripting

4.3CVSS4.8AI score0.00218EPSS

Prion•added 2022/11/14 3:15 p.m.•11 views

Cross site scripting

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.3CVSS4.8AI score0.00357EPSS

WPVulnDB•added 2022/11/09 12:0 a.m.•15 views

Seed Social < 2.0.4 - Admin+ Stored XSS

2.2AI score0.00198EPSS

Prion•added 2022/11/07 10:15 a.m.•10 views

Cross site scripting

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00438EPSS

WPVulnDB•added 2022/11/03 12:0 a.m.•14 views

Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

4.8CVSS0.4AI score0.00218EPSS

WPVulnDB•added 2022/11/03 12:0 a.m.•10 views

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

4.8CVSS0.5AI score0.00218EPSS

WPVulnDB•added 2022/11/03 12:0 a.m.•14 views

Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS

4.8CVSS2.6AI score0.00179EPSS

Exploits1Affected Software1

WPVulnDB•added 2022/11/03 12:0 a.m.•18 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

4.8CVSS2.2AI score0.00438EPSS

WPVulnDB•added 2022/11/02 12:0 a.m.•14 views

AgentEasy Properties <= 1.0.4 - Admin+ Stored XSS

4.8CVSS2.2AI score0.00238EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/02 12:0 a.m.•13 views

Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Account ID"...

4.8CVSS1.1AI score0.00218EPSS

Cvelist•added 2022/10/31 12:0 a.m.•16 views

CVE-2022-3441 Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00344EPSS