CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3474 matches found

Positive Technologies•added 2023/04/10 12:0 a.m.•2 views

PT-2023-16578 · WordPress · Klaviyo

Name of the Vulnerable Software and Affected Versions: Klaviyo WordPress plugin versions prior to 3.0.10 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escape...

4.8CVSS5.5AI score0.00442EPSS

Exploits2References4

ATTACKERKB•added 2023/04/06 3:15 p.m.•2 views

CVE-2023-1913

The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.8CVSS6.7AI score0.00377EPSS

Exploits0References3

WPVulnDB•added 2023/04/06 12:0 a.m.•14 views

Maps Widget for Google Maps < 4.25 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.00377EPSS

Exploits0Affected Software1

OSV•added 2023/04/05 2:15 p.m.•2 views

CVE-2023-1869

The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and...

4.8CVSS5.9AI score0.00482EPSS

Exploits0References3

ATTACKERKB•added 2023/04/05 2:15 p.m.•5 views

CVE-2023-1869

5.5CVSS6.8AI score0.00482EPSS

Exploits0References4

WPVulnDB•added 2023/04/05 12:0 a.m.•20 views

Site Reviews < 6.7.1 - Admin+ Stored XSS

4.8CVSS8.7AI score0.00501EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/05 12:0 a.m.•11 views

WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS

4.8CVSS8.6AI score0.00535EPSS

Exploits2References1Affected Software1

ATTACKERKB•added 2023/04/04 8:15 p.m.•0 views

CVE-2023-1840

The Sptify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS6AI score0.00352EPSS

Exploits0References3

OSV•added 2023/04/04 8:15 p.m.•1 views

CVE-2023-1840

4.8CVSS5.9AI score

Exploits0References2

WPVulnDB•added 2023/04/04 12:0 a.m.•13 views

Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS

4.8CVSS8.4AI score0.00442EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/04 12:0 a.m.•11 views

Sp*tify Play Button for WordPress < 2.08 - Admin+ Stored XSS

4.8CVSS5.5AI score0.00352EPSS

Exploits0Affected Software1

Positive Technologies•added 2023/04/04 12:0 a.m.•2 views

PT-2023-17273 · WordPress · Spotify Play Button

Name of the Vulnerable Software and Affected Versions: The Sptify Play Button for WordPress plugin versions up to, and including, 2.07 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.8CVSS5.7AI score0.00352EPSS

Exploits0References5

WPVulnDB•added 2023/04/03 12:0 a.m.•22 views

Product Enquiry for WooCommerce < 2.2.13 - Admin+ Stored XSS

5.9CVSS5.5AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/31 12:0 a.m.•29 views

Enhanced WP Contact Form <= 2.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/30 12:0 a.m.•15 views

Premmerce Redirect Manager <= 1.0.10 - Admin+ Stored XSS

5.9CVSS4.8AI score0.00369EPSS

Exploits0Affected Software1

OSV•added 2023/03/29 3:15 p.m.•3 views

CVE-2023-1575

The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS5.9AI score0.00373EPSS

Exploits0References2

WPVulnDB•added 2023/03/29 12:0 a.m.•15 views

Wp Ultimate Review < 2.1.0 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00366EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/29 12:0 a.m.•12 views

Mega Main Menu <= 2.2.2 - Admin+ Stored XSS

5.5CVSS5.5AI score0.00373EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/29 12:0 a.m.•12 views

Simple Image Popup < 2.0.0 - Admin+ Stored XSS

5.9CVSS4.8AI score0.00421EPSS

Exploits0Affected Software1

OSV•added 2023/03/27 4:15 p.m.•1 views

CVE-2023-1025

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00442EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by