CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

913 matches found

Prion•added 2023/09/25 4:15 p.m.•20 views

Cross site scripting

The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisi...

4.3CVSS4.7AI score0.00402EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/09/25 12:0 a.m.•17 views

Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Register a student account and go to the...

5.4CVSS5.8AI score0.00403EPSS

Exploits2Affected Software1

OSV•added 2023/09/19 8:15 p.m.•2 views

CVE-2023-4376

The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

4.8CVSS5.8AI score

Exploits0References1

OSV•added 2023/09/19 8:15 p.m.•2 views

CVE-2023-2995

The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2023/09/19 8:15 p.m.•28 views

CVE-2023-4376

4.8CVSS4.7AI score0.00402EPSS

Exploits2References1

Prion•added 2023/09/19 8:15 p.m.•14 views

Cross site scripting

4.3CVSS4.7AI score0.00402EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/09/18 12:0 a.m.•14 views

Client Portal : SuiteDash Direct Login <= 1.7.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS

Exploits0

WPVulnDB•added 2023/09/18 12:0 a.m.•26 views

nuajik CDN <= 0.1.0 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00359EPSS

Exploits0

WPVulnDB•added 2023/09/18 12:0 a.m.•18 views

WP Default Feature Image <= 1.0.1.1 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00379EPSS

Exploits1

WPVulnDB•added 2023/09/18 12:0 a.m.•18 views

wp tell a friend popup form <= 7.1 - Admin+ Stored XSS

5.9CVSS5.6AI score0.0031EPSS

Exploits0

WPVulnDB•added 2023/09/18 12:0 a.m.•14 views

wpShopGermany – Protected Shops < 2.1 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00316EPSS

Exploits0Affected Software1

NVD•added 2023/09/11 8:15 p.m.•19 views

CVE-2023-4060

The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00399EPSS

Exploits2References1

Prion•added 2023/09/11 8:15 p.m.•13 views

Cross site scripting

The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00402EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/09/11 7:46 p.m.•29 views

CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.1AI score0.00377EPSS

Exploits2References1

Cvelist•added 2023/09/11 7:46 p.m.•27 views

CVE-2023-4060 WP Adminify < 3.1.6 - Admin+ Stored XSS

5AI score0.00399EPSS

Exploits2References1

WPVulnDB•added 2023/09/07 12:0 a.m.•13 views

WooCommerce PDF Invoice Builder < 1.2.91 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.4AI score0.00412EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/09/06 12:0 a.m.•16 views

WRC Pricing Tables < 2.3.9 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00316EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/09/06 12:0 a.m.•19 views

CT Commerce <= 2.0.1 - Admin+ Stored XSS

5.9CVSS6AI score0.00316EPSS

Exploits0

OSV•added 2023/09/04 12:15 p.m.•3 views

CVE-2023-4253

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2023/09/04 12:15 p.m.•9 views

CVE-2023-4254

4.8CVSS4.7AI score0.00408EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by