CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3474 matches found

WPVulnDB•added 2023/06/19 12:0 a.m.•11 views

MojoPlug Slide Panel <= 1.1.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS8.2AI score0.00358EPSS

Exploits0Affected Software1

Positive Technologies•added 2023/06/19 12:0 a.m.•9 views

PT-2023-19360 · WordPress · Qubot

Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisit...

4.8CVSS7.9AI score0.00442EPSS

Exploits2References6

WPVulnDB•added 2023/06/15 12:0 a.m.•17 views

Flo Forms <= 1.0.40 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00316EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/13 12:0 a.m.•15 views

Password Protected < 2.6.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00393EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/13 12:0 a.m.•11 views

Booking and Rental Manager < 1.2.2 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00439EPSS

Exploits1Affected Software1

WPVulnDB•added 2023/06/13 12:0 a.m.•13 views

ARMember < 4.0.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00366EPSS

Exploits0Affected Software1

NVD•added 2023/06/12 6:15 p.m.•12 views

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS4.7AI score0.00444EPSS

Exploits1References1

Prion•added 2023/06/12 6:15 p.m.•19 views

Cross site scripting

4.3CVSS4.7AI score0.00444EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2023/06/09 6:16 a.m.•0 views

CVE-2023-2767

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.5CVSS6.9AI score0.00376EPSS

Exploits0References3

ATTACKERKB•added 2023/06/09 6:16 a.m.•3 views

CVE-2023-2584

The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 9.6.1 in the Pro version due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS6.8AI score0.00516EPSS

Exploits0References4

ATTACKERKB•added 2023/06/09 6:16 a.m.•1 views

CVE-2023-2452

The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS6.8AI score0.00536EPSS

Exploits0References4

ATTACKERKB•added 2023/06/09 6:16 a.m.•2 views

CVE-2023-2450

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6.8AI score0.0056EPSS

Exploits0References4Affected Software1

OSV•added 2023/06/09 6:16 a.m.•1 views

CVE-2023-2450

4.4CVSS7.3AI score0.0056EPSS

Exploits0References3

OSV•added 2023/06/09 6:16 a.m.•4 views

CVE-2023-2452

4.4CVSS6.7AI score

Exploits0References3

Positive Technologies•added 2023/06/09 12:0 a.m.•4 views

PT-2023-21293 · WordPress +1 · Wordpress +2

Name of the Vulnerable Software and Affected Versions: WordPress File Upload and WordPress File Upload Pro plugins for WordPress versions up to, and including, 4.19.1 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and...

5.5CVSS5.7AI score0.00376EPSS

Exploits0References5

WPVulnDB•added 2023/06/08 12:0 a.m.•20 views

Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

4.8CVSS4.9AI score0.00544EPSS

Exploits2Affected Software1

OSV•added 2023/06/05 2:15 p.m.•2 views

CVE-2023-2489

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS7.3AI score

Exploits0References1

OSV•added 2023/06/05 2:15 p.m.•3 views

CVE-2023-2634

The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00539EPSS

Exploits2References1

OSV•added 2023/06/05 2:15 p.m.•2 views

CVE-2023-0545

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00442EPSS

Exploits2References1

Prion•added 2023/06/05 2:15 p.m.•17 views

Cross site scripting

4.3CVSS4.7AI score0.00442EPSS

Exploits2References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by