CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3474 matches found

OSV•added 2023/05/15 1:15 p.m.•3 views

CVE-2023-1839

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS6.6AI score0.00461EPSS

Exploits2References1

NVD•added 2023/05/15 1:15 p.m.•20 views

CVE-2023-0892

The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00489EPSS

Exploits2References1

NVD•added 2023/05/15 1:15 p.m.•30 views

CVE-2023-2009

Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.8AI score0.00824EPSS

Exploits2References1

Prion•added 2023/05/15 1:15 p.m.•12 views

Cross site scripting

4.3CVSS4.7AI score0.00489EPSS

Exploits2References1Affected Software1

Prion•added 2023/05/15 1:15 p.m.•11 views

Cross site scripting

4.3CVSS4.7AI score0.00824EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/05/15 12:15 p.m.•26 views

CVE-2023-1839 Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

5AI score0.00461EPSS

Exploits2References1

Vulnrichment•added 2023/05/15 12:15 p.m.•8 views

CVE-2023-2009 Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

5.7AI score0.00824EPSS

Exploits2References1

Cvelist•added 2023/05/15 12:15 p.m.•28 views

CVE-2023-0892 BizLibrary <= 1.1 - Admin+ Stored XSS

5AI score0.00489EPSS

Exploits2References1

WPVulnDB•added 2023/05/15 12:0 a.m.•16 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the payload below in any of the "Challenge...

4.8CVSS8.2AI score0.00442EPSS

Exploits2Affected Software1

Positive Technologies•added 2023/05/15 12:0 a.m.•4 views

PT-2023-17407 · WordPress · Pretty Url

Name of the Vulnerable Software and Affected Versions: Pretty Url WordPress plugin versions 1.5.4 and earlier Description: The issue arises from the plugin's failure to sanitize and escape the URL field in its settings, potentially allowing high-privilege users to perform Stored Cross-Site...

4.8CVSS8.1AI score0.00824EPSS

Exploits2References6

Positive Technologies•added 2023/05/15 12:0 a.m.•2 views

PT-2023-16595 · WordPress · Bizlibrary Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: BizLibrary WordPress plugin versions 1.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

4.8CVSS8AI score0.00489EPSS

Exploits2References5

WPVulnDB•added 2023/05/12 12:0 a.m.•18 views

Get Your Number <= 1.1.3 - Admin+ Stored XSS

4.8CVSS8.2AI score0.00539EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/05/12 12:0 a.m.•13 views

DBargain <= 3.0.0 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00366EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/05/10 12:0 a.m.•11 views

Tiny carousel horizontal slider plus <= 3.2 - Admin+ Stored XSS

The plugin does not escape several fields in the edit gallery and edit image forms, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00369EPSS

Exploits0Affected Software1

OSV•added 2023/05/08 2:15 p.m.•3 views

CVE-2023-1649

The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score

Exploits0References1

OSV•added 2023/05/08 2:15 p.m.•1 views

CVE-2023-0894

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS6.6AI score0.00442EPSS

Exploits2References1

OSV•added 2023/05/08 2:15 p.m.•2 views

CVE-2023-0544

The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00442EPSS

Exploits2References1

Prion•added 2023/05/08 2:15 p.m.•13 views

Cross site scripting

4.3CVSS4.7AI score0.00442EPSS

Exploits2References1Affected Software1

Prion•added 2023/05/08 2:15 p.m.•15 views

Cross site scripting

4.3CVSS4.7AI score0.00442EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/05/08 1:58 p.m.•22 views

CVE-2023-1649 ChatBot < 4.5.1 - Admin+ Stored XSS