CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3475 matches found

WPVulnDB•added 2023/06/26 12:0 a.m.•18 views

Cancel order request WooCommerce < 1.3.3 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00366EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/26 12:0 a.m.•14 views

Optin Forms <= 1.3.2 - Admin+ Stored XSS

5.9CVSS5.8AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/26 12:0 a.m.•15 views

SimpleModal Contact Form (SMCF) <= 1.2.9 - Admin+ Stored XSS

5.9CVSS5.8AI score0.00366EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/26 12:0 a.m.•14 views

NEX-Forms < 8.4.4 - Authenticated Stored XSS

The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such feature. PoC Create a new form with the...

5.4CVSS5.4AI score0.00317EPSS

Exploits1Affected Software1

OSV•added 2023/06/19 11:15 a.m.•1 views

CVE-2023-2684

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00442EPSS

Exploits2References1

OSV•added 2023/06/19 11:15 a.m.•3 views

CVE-2023-2401

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00442EPSS

Exploits2References1

OSV•added 2023/06/19 11:15 a.m.•3 views

CVE-2023-2600

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2023/06/19 11:15 a.m.•10 views

CVE-2023-2684

4.8CVSS4.7AI score0.00442EPSS

Exploits2References1

NVD•added 2023/06/19 11:15 a.m.•40 views

CVE-2023-2401

4.8CVSS4.7AI score0.00442EPSS

Exploits2References1

NVD•added 2023/06/19 11:15 a.m.•12 views

CVE-2023-2812

The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00466EPSS

Exploits2References1

Prion•added 2023/06/19 11:15 a.m.•12 views

Cross site scripting

4.3CVSS4.7AI score0.00442EPSS

Exploits2References1Affected Software1

Prion•added 2023/06/19 11:15 a.m.•11 views

Cross site scripting

4.3CVSS4.7AI score0.00466EPSS

Exploits2References1Affected Software1

Prion•added 2023/06/19 11:15 a.m.•13 views

Cross site scripting

4.3CVSS4.8AI score0.00402EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/06/19 10:52 a.m.•17 views

CVE-2023-2812 Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

5AI score0.00466EPSS

Exploits2References1

CVE•added 2023/06/19 10:52 a.m.•39 views

CVE-2023-2600

CVE-2023-2600 concerns the WordPress plugin Custom Base Terms prior to version 1.0.3, where certain settings aren’t sanitized or escaped. This can enable stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). The NVD entry assigns CVSS 3.1: AV...

4.8CVSS4.8AI score0.00402EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/06/19 10:52 a.m.•12 views

CVE-2023-2600 Custom Base Terms < 1.0.3 - Admin+ Stored XSS

5AI score0.00402EPSS

Exploits1References1

Cvelist•added 2023/06/19 10:52 a.m.•18 views

CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

5AI score0.00442EPSS

Exploits2References1

WPVulnDB•added 2023/06/19 12:0 a.m.•12 views

Call Now Accessibility Button < 1.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Fields in the "Options" section of the...

4.8CVSS5.4AI score0.00451EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/06/19 12:0 a.m.•25 views

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

4.8CVSS5.3AI score0.00469EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/06/19 12:0 a.m.•165 views

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the plugin's "Quick Start" field, add...

4.8CVSS4.7AI score0.00423EPSS

Exploits2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by