CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

WPVulnDB•added 2024/03/18 12:0 a.m.•17 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Click SendPress in the Admin...

5.5AI score0.0071EPSS

Exploits2

NVD•added 2024/03/15 8:15 p.m.•14 views

CVE-2024-27100

Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could...

6.5CVSS6.3AI score0.00555EPSS

Exploits0References2

Cvelist•added 2024/03/15 7:21 p.m.•31 views

CVE-2024-27100 Denial of service via Staff Actions in Discourse

6.5CVSS6.5AI score0.00555EPSS

Exploits0References2

Vulnrichment•added 2024/03/15 7:21 p.m.•29 views

CVE-2024-27100 Denial of service via Staff Actions in Discourse

6.5CVSS6.5AI score0.00555EPSS

Exploits0References2

Positive Technologies•added 2024/03/15 12:0 a.m.•3 views

PT-2024-21649 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta, and tests-passed versions Description: The issue affects the endpoints for suspending users, silencing users, and exporting CSV files, which do not enforce limits on the sizes of the...

6.5CVSS6.7AI score0.00555EPSS

Exploits0References6

OSV•added 2024/03/13 4:15 p.m.•1 views

CVE-2024-0898

The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This mak...

4.8CVSS5.9AI score0.00398EPSS

Exploits0References2

OSV•added 2024/03/13 4:15 p.m.•2 views

CVE-2024-0614

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.8CVSS7.3AI score0.00685EPSS

Exploits1References3

OSV•added 2024/03/13 4:15 p.m.•2 views

CVE-2024-0449

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.0053EPSS

Exploits0References2

OSV•added 2024/03/13 2:15 a.m.•2 views

CVE-2023-4839

The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...

4.8CVSS5.9AI score0.00342EPSS

Exploits0References2

Positive Technologies•added 2024/03/13 12:0 a.m.•4 views

PT-2024-15690 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: Events Manager plugin for WordPress versions up to, and including, 6.4.6.4 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticat...

4.8CVSS8AI score0.00685EPSS

Exploits1References6

Positive Technologies•added 2024/03/13 12:0 a.m.•4 views

PT-2024-15569 · WordPress · Artibot Free Chat Bot For Wordpress Websites

Name of the Vulnerable Software and Affected Versions: ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress versions up to, and including, 1.1.6 Description: The issue allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pag...

4.8CVSS9.3AI score0.0053EPSS

Exploits0References5

Positive Technologies•added 2024/03/13 12:0 a.m.•5 views

PT-2024-13609 · WordPress · Wp Go Maps

Name of the Vulnerable Software and Affected Versions: WP Go Maps for WordPress versions up to, and including, 9.0.32 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers...

4.8CVSS8AI score0.00342EPSS

Exploits0References5

OSV•added 2024/03/11 6:15 p.m.•2 views

CVE-2024-0561

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.4CVSS7.3AI score

Exploits0References1

OSV•added 2024/03/11 6:15 p.m.•2 views

CVE-2024-0559

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

6.5CVSS7.3AI score0.00497EPSS

Exploits2References2

NVD•added 2024/03/11 6:15 p.m.•12 views

CVE-2024-0561

5.4CVSS5.4AI score0.00442EPSS

Exploits2References1