CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

OSV•added 2023/10/20 8:15 a.m.•3 views

CVE-2023-5121

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings the backup path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS6.5AI score0.00333EPSS

Exploits0References2

OSV•added 2023/10/20 8:15 a.m.•2 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS7.3AI score0.00319EPSS

Exploits0References2

OSV•added 2023/10/20 8:15 a.m.•3 views

CVE-2023-4648

The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.8CVSS7.3AI score0.00303EPSS

Exploits0References2

OSV•added 2023/10/20 8:15 a.m.•5 views

CVE-2023-3996

The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.9AI score0.00456EPSS

Exploits0References5

OSV•added 2023/10/20 7:15 a.m.•1 views

CVE-2023-4271

The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psresbuttonsize’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS7.3AI score0.00403EPSS

Exploits0References3

WPVulnDB•added 2023/10/20 12:0 a.m.•19 views

Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.4AI score0.00328EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/10/20 12:0 a.m.•20 views

Get Custom Field Values < 4.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/10/20 12:0 a.m.•16 views

Image vertical reel scroll slideshow <= 9.2 - Admin+ Stored XSS

5.9CVSS4.8AI score0.00316EPSS

Exploits0References1

WPVulnDB•added 2023/10/20 12:0 a.m.•12 views

Mendeley <= 1.3.4 - Admin+ Stored XSS

5.9CVSS4.8AI score0.00316EPSS

Exploits0

WPVulnDB•added 2023/10/20 12:0 a.m.•21 views

Photospace Responsive < 2.1.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.00403EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/10/20 12:0 a.m.•25 views

Open User Map | Everybody can add locations < 1.3.27 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00316EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/10/20 12:0 a.m.•17 views

WP Customer Reviews < 3.6.7 - Admin+ Stored XSS

4.8CVSS5.5AI score0.00303EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/10/20 12:0 a.m.•17 views

Thumbnail Slider With Lightbox < 1.0.20 - Admin+ Stored XSS

4.8CVSS5.5AI score0.004EPSS

Exploits0

Positive Technologies•added 2023/10/20 12:0 a.m.•3 views

PT-2023-31777 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.89 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically the backup path parameter, due to insufficient...

4.8CVSS5.2AI score0.00333EPSS

Exploits0References6

Positive Technologies•added 2023/10/19 12:0 a.m.•2 views

PT-2023-28531 · WordPress · Photospace Responsive

Name of the Vulnerable Software and Affected Versions: Photospace Responsive plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting via the psres button size parameter due to insufficient input sanitization and output escaping...

4.8CVSS5.7AI score0.00403EPSS

Exploits0References7

OSV•added 2023/10/18 8:15 a.m.•4 views

CVE-2023-5621

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.9AI score0.004EPSS

Exploits0References3

WPVulnDB•added 2023/10/18 12:0 a.m.•21 views

Hitsteps Web Analytics < 5.87 - Admin+ Stored XSS

5.9CVSS6AI score0.00316EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/10/18 12:0 a.m.•10 views

Comment Reply Email < 1.0.4 - Admin+ Stored XSS

5.9CVSS5.6AI score0.00316EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/10/17 12:0 a.m.•23 views

Tiny Carousel Horizontal Slider <= 8.1 - Admin+ Stored XSS