CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3474 matches found

Vulnrichment•added 2023/05/08 1:58 p.m.•6 views

CVE-2023-0894 Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.7AI score0.00442EPSS

Exploits2References1

WPVulnDB•added 2023/05/03 12:0 a.m.•18 views

UserAgent-Spy <= 1.3.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

OSV•added 2023/05/02 8:15 a.m.•2 views

CVE-2023-1614

The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00501EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•1 views

CVE-2023-1554

The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.0047EPSS

Exploits2References1

NVD•added 2023/05/02 8:15 a.m.•13 views

CVE-2023-1614

4.8CVSS4.7AI score0.00501EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•2 views

CVE-2023-1021

The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00442EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•3 views

CVE-2023-0924

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...

7.2CVSS7.2AI score0.00962EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•3 views

CVE-2023-1525

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00501EPSS

Exploits2References1

OSV•added 2023/05/02 8:15 a.m.•1 views

CVE-2023-1090

The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00535EPSS

Exploits2References2

NVD•added 2023/05/02 8:15 a.m.•8 views

CVE-2023-0924

7.2CVSS6.8AI score0.00962EPSS

Exploits2References1

NVD•added 2023/05/02 8:15 a.m.•10 views

CVE-2023-1090

4.8CVSS4.7AI score0.00535EPSS

Exploits2References2

NVD•added 2023/05/02 8:15 a.m.•10 views

CVE-2023-1525