CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

913 matches found

WPVulnDB•added 2024/04/03 12:0 a.m.•20 views

Floating Chat Widget < 3.1.9 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Chaty New Widget" 2...

5.3AI score0.00394EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2024/03/29 12:0 a.m.•22 views

Breeze < 2.1.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape its breezeapitoken settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00342EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/03/25 12:0 a.m.•17 views

NPS computy < 2.7.6 - Admin+ Stored XSS

7.7AI score0.0051EPSS

Exploits2Affected Software1

WPVulnDB•added 2024/03/25 12:0 a.m.•16 views

Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload

Description The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup PoC 1. Go to the plugin setting and in the "Restore" section...

9.3AI score0.00649EPSS

Exploits2Affected Software1

WPVulnDB•added 2024/03/22 12:0 a.m.•16 views

Tracking Code Manager < 2.1.0 -Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00319EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/03/21 12:0 a.m.•30 views

Advanced Access Manager < 6.9.21 - Admin+ Stored Cross-Site Scripting

5.9CVSS6AI score0.00375EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2024/03/18 12:0 a.m.•17 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

5.5AI score0.0071EPSS

Exploits2

NVD•added 2024/03/11 6:15 p.m.•11 views

CVE-2024-0561

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.4CVSS5.4AI score0.00442EPSS

Exploits2References1

Prion•added 2024/03/11 6:15 p.m.•28 views

Cross site scripting

5.6AI score0.00442EPSS

Exploits2References1

Vulnrichment•added 2024/03/11 5:56 p.m.•15 views

CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

5.4AI score0.00442EPSS

Exploits2References1

Cvelist•added 2024/03/11 5:56 p.m.•24 views

CVE-2024-0559 Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.6AI score0.00497EPSS

Exploits2References2

WPVulnDB•added 2024/03/11 12:0 a.m.•18 views

WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC As and admin, create a...

4.9AI score0.0042EPSS

Exploits2Affected Software1

WPVulnDB•added 2024/03/04 12:0 a.m.•17 views

Ebook Store < 5.8002 - Admin+ Stored XSS

5.9CVSS5.4AI score0.00336EPSS

Exploits0References1Affected Software1

NVD•added 2024/02/27 9:15 a.m.•19 views

CVE-2023-7167

The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.3AI score0.00396EPSS

Exploits2References1

Prion•added 2024/02/27 9:15 a.m.•17 views

Cross site scripting

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9AI score0.00417EPSS

Exploits2References1

Prion•added 2024/02/27 9:15 a.m.•13 views

Cross site scripting

The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9AI score0.00402EPSS

Exploits2References1

Vulnrichment•added 2024/02/27 8:30 a.m.•18 views

CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

5.3AI score0.00417EPSS

Exploits2References1

Cvelist•added 2024/02/27 8:30 a.m.•19 views

CVE-2024-1106 Shariff Wrapper < 4.6.10 - Admin+ Stored XSS

5.5AI score0.00417EPSS

Exploits2References1

WPVulnDB•added 2024/02/27 12:0 a.m.•16 views

Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS