CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

Positive Technologies•added 2023/12/11 12:0 a.m.•5 views

PT-2023-32442 · WordPress · Contact Form Email

Name of the Vulnerable Software and Affected Versions: Contact Form Email WordPress plugin versions prior to 1.3.44 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

6.1CVSS6AI score0.00455EPSS

Exploits2References8

WPVulnDB•added 2023/12/11 12:0 a.m.•16 views

Tutor LMS < 2.3.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00394EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/12/11 12:0 a.m.•16 views

WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS

4.8CVSS4.9AI score0.00402EPSS

Exploits2Affected Software1

OpenVAS•added 2023/12/11 12:0 a.m.•4 views

WordPress 6.4.x < 6.4.2 RCE Vulnerability - Windows

WordPress is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.2AI score

Exploits0References1

WPVulnDB•added 2023/12/10 12:0 a.m.•12 views

Rocket Maintenance Mode & Coming Soon Page < 4.4 - Admin+ Stored XSS

5.9CVSS4.9AI score0.00394EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/12/08 12:0 a.m.•31 views

Social Share Buttons & Analytics Plugin < 4.4 - Admin+ Stored XSS

5.9CVSS5.3AI score0.00394EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/12/07 12:0 a.m.•21 views

Nested Pages < 3.2.7 - Admin+ Stored XSS

5.9CVSS5.3AI score0.00386EPSS

Exploits0References1Affected Software1

OSV•added 2023/12/04 10:15 p.m.•2 views

CVE-2023-5137

The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

4.8CVSS7.4AI score0.00424EPSS

Exploits2References1

OSV•added 2023/12/04 10:15 p.m.•2 views

CVE-2023-5809

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0045EPSS

Exploits2References1

NVD•added 2023/12/04 10:15 p.m.•15 views

CVE-2023-5137

4.8CVSS0.00424EPSS

Exploits2References1

Prion•added 2023/12/04 10:15 p.m.•21 views

Cross site scripting

4.3CVSS5.9AI score0.0045EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2023/12/04 12:0 a.m.•4 views

PT-2023-32343 · WordPress · Popup Box Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Popup box WordPress plugin versions prior to 3.8.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

4.8CVSS4.6AI score0.0045EPSS

Exploits2References7

Positive Technologies•added 2023/12/04 12:0 a.m.•4 views

PT-2023-32389 · WordPress · Popup Box

Name of the Vulnerable Software and Affected Versions: Popup box WordPress plugin versions prior to 3.8.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some of its settings. Thi...

4.8CVSS4.6AI score0.0045EPSS

Exploits2References7

WPVulnDB•added 2023/12/02 12:0 a.m.•15 views

Evergreen Content Poster < 1.4.1 - Admin+ Stored XSS

5.9CVSS5.2AI score0.00386EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/12/02 12:0 a.m.•17 views

Multiple Post Passwords < 1.1.2 - Admin+ Stored XSS

5.9CVSS7.2AI score0.00394EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/11/29 12:0 a.m.•12 views

TriPay Payment Gateway < 3.2.8 - Admin+ Stored XSS

5.9CVSS5.3AI score0.00394EPSS

Exploits0References1Affected Software1

OSV•added 2023/11/27 5:15 p.m.•2 views

CVE-2023-5209

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...

4.8CVSS5.8AI score0.00451EPSS

Exploits2References1

NVD•added 2023/11/27 5:15 p.m.•17 views

CVE-2023-5209

4.8CVSS0.00451EPSS

Exploits2References1

OSV•added 2023/11/27 5:15 p.m.•2 views

CVE-2023-2707

The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00418EPSS

Exploits1References1

Prion•added 2023/11/27 5:15 p.m.•19 views

Cross site scripting

4.3CVSS5.8AI score0.00418EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by