CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3474 matches found

NVD•added 2023/03/27 4:15 p.m.•8 views

CVE-2023-1025

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00442EPSS

Exploits2References1

Prion•added 2023/03/27 4:15 p.m.•18 views

Cross site scripting

The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00501EPSS

Exploits2References1Affected Software1

Prion•added 2023/03/27 4:15 p.m.•14 views

Cross site scripting

4.3CVSS4.7AI score0.00442EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/03/27 3:37 p.m.•16 views

CVE-2023-1025 Simple File List < 6.0.10 - Admin+ Stored XSS

5AI score0.00442EPSS

Exploits2References1

Cvelist•added 2023/03/27 3:37 p.m.•20 views

CVE-2023-1400 Modern Events Calendar lite < 6.5.2 - Admin+ Stored XSS

4.9AI score0.00501EPSS

Exploits2References1

CVE•added 2023/03/27 3:37 p.m.•56 views

CVE-2023-1400

The CVE-2023-1400 entry concerns the WordPress plugin Modern Events Calendar Lite (pre-6.5.2). Root cause: the plugin does not sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including multisite contexts. Affect...

4.8CVSS4.9AI score0.00501EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/03/27 12:0 a.m.•18 views

Pagination by BestWebSoft < 1.2.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00366EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/21 12:0 a.m.•16 views

Disqus Conditional Load < 11.1.2 - Admin+ Stored Cross-Site Scripting

5.9CVSS4.8AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/21 12:0 a.m.•12 views

Userlike – WordPress Live Chat < 2.3 - Admin+ Stored Cross-Site Scripting

5.9CVSS5.7AI score0.00392EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/21 12:0 a.m.•24 views

Lazy Social Comments <= 2.0.4 - Admin+ Stored Cross-Site Scripting

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/21 12:0 a.m.•17 views

Simple Custom Author Profiles <= 1.0.0 - Admin+ Stored Cross-Site Scripting

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

Positive Technologies•added 2023/03/21 12:0 a.m.•3 views

PT-2023-27174 · WordPress +1 · Armember Lite +1

Name of the Vulnerable Software and Affected Versions: The ARMember Lite - Membership Plugin for WordPress versions up to, and including, 4.0.14 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This...

4.8CVSS4.8AI score0.00456EPSS

Exploits0References10

WPVulnDB•added 2023/03/20 12:0 a.m.•20 views

Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Login with an editor user and add/edi...

4.8CVSS4.9AI score0.00446EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/03/20 12:0 a.m.•16 views

Read More Without Refresh <= 3.1 - Admin+ Stored Cross-Site Scripting

5.9CVSS5.7AI score0.00392EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/20 12:0 a.m.•13 views

Time Sheets < 1.29.3 - Admin+ Stored XSS

4.8CVSS4.9AI score0.00442EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/03/20 12:0 a.m.•16 views

Simple Giveaways < 2.45.1 - Admin+ Stored XSS

4.8CVSS4.9AI score0.00442EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/03/20 12:0 a.m.•22 views

Event Manager for WooCommerce < 3.8.7 - Admin+ Stored XSS

5.9CVSS5.5AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/03/20 12:0 a.m.•19 views

Kanban Boards for WordPress <= 2.5.20 - Admin+ Stored Cross-Site Scripting

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

NVD•added 2023/03/17 5:15 p.m.•22 views

CVE-2023-28107

Discourse is an open-source discussion platform. Prior to version 3.0.2 of the stable branch and version 3.1.0.beta3 of the beta and tests-passed branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a...

4.9CVSS4.7AI score0.00652EPSS

Exploits0References5

Prion•added 2023/03/17 5:15 p.m.•16 views

Design/Logic Flaw

3.3CVSS5.1AI score0.00652EPSS

Exploits0References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by