CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

911 matches found

NVD•added 2022/06/27 9:15 a.m.•7 views

CVE-2022-1095

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00308EPSS

Exploits2References1

NVD•added 2022/06/27 9:15 a.m.•11 views

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

4.8CVSS0.00393EPSS

Exploits2References1

Prion•added 2022/06/27 9:15 a.m.•12 views

Cross site scripting

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup...

3.5CVSS4.9AI score0.00287EPSS

Exploits2References1Affected Software1

Prion•added 2022/06/27 9:15 a.m.•11 views

Cross site scripting

3.5CVSS4.9AI score0.00393EPSS

Exploits2References1Affected Software1

Cvelist•added 2022/06/27 8:56 a.m.•12 views

CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite...

5.2AI score0.00185EPSS

Exploits2References1

WPVulnDB•added 2022/06/27 12:0 a.m.•19 views

Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Ignored Download...

4.8CVSS1.4AI score0.00201EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2022/06/27 12:0 a.m.•3 views

PT-2022-13602

Name of the Vulnerable Software and Affected Versions Limit Login Attempts WordPress plugin versions prior to 4.0.72 Description The issue allows malicious users with administrator privileges to store malicious Javascript code, leading to Cross-Site Scripting attacks when unfiltered html is...

4.8CVSS6.1AI score0.00185EPSS

Exploits2References4

ATTACKERKB•added 2022/06/20 11:15 a.m.•2 views

CVE-2022-1945

The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfilteredhtml is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00206EPSS

Exploits2References2

Cvelist•added 2022/06/20 10:25 a.m.•16 views

CVE-2021-25088 Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00206EPSS

Exploits2References1

WPVulnDB•added 2022/06/06 12:0 a.m.•18 views

miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup PoC Enable 2FA + Website Security and...

4.8CVSS4.9AI score0.00393EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/06/06 12:0 a.m.•14 views

NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a gallery with at least one image...

4.8CVSS0.7AI score0.00206EPSS

Exploits2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by