CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3472 matches found

Positive Technologies•added 2023/01/09 12:0 a.m.•4 views

PT-2023-13617 · WordPress · 404 To Start Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: 404 to Start WordPress plugin versions 1.6.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example i...

4.8CVSS4.5AI score0.00532EPSS

Exploits2References4

ATTACKERKB•added 2023/01/05 7:15 p.m.•1 views

CVE-2023-0087

The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spmpluginoptionspagetreemaxwidth’ parameter in versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.5CVSS6AI score0.00647EPSS

Exploits1References3

OSV•added 2023/01/05 7:15 p.m.•1 views

CVE-2023-0087

4.8CVSS5.9AI score

Exploits0References2

WPVulnDB•added 2023/01/05 12:0 a.m.•25 views

CPO Companion < 1.1.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5CVSS2.2AI score0.00537EPSS

Exploits0Affected Software1

OSV•added 2023/01/02 10:15 p.m.•2 views

CVE-2022-4256

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/02 10:15 p.m.•2 views

CVE-2022-4200

The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00532EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•3 views

CVE-2022-4119

The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.8AI score0.0047EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•3 views

CVE-2022-4109

The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 does not validate user input against path traversal attacks, allowing high privilege users such as admin to download arbitrary logs from the server even when they should not be able to for example in multisite...

2.7CVSS5.9AI score0.00705EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•1 views

CVE-2022-4198

The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.006EPSS

Exploits2References2

NVD•added 2023/01/02 10:15 p.m.•26 views

CVE-2022-4119

4.8CVSS4.7AI score0.0047EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•2 views

CVE-2022-3936

The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, which could allow high-privilege users such as editors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in a multisite setup...

4.8CVSS5.8AI score0.00532EPSS

Exploits2References1

Prion•added 2023/01/02 10:15 p.m.•13 views

Cross site scripting

4.3CVSS4.8AI score0.00532EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/02 10:15 p.m.•11 views

Cross site scripting

4.3CVSS5.4AI score0.00532EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/02 10:15 p.m.•12 views

Cross site scripting

4.3CVSS6.1AI score0.006EPSS

Exploits2References2Affected Software1

Cvelist•added 2023/01/02 9:49 p.m.•18 views

CVE-2022-4260 WP-Ban < 1.69.1 - Admin+ Stored XSS

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00858EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•31 views

CVE-2022-4200 Login with Cognito <= 1.4.8 - Admin+ Stored XSS

5.6AI score0.00532EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•11 views

CVE-2022-4109 Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download

4.1AI score0.00705EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•18 views

CVE-2022-3936 Team Members < 5.2.1 - Editor+ Stored XSS

5.1AI score0.00532EPSS

Exploits2References1

Cvelist•added 2023/01/02 9:49 p.m.•32 views

CVE-2022-4119 Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS

5AI score0.0047EPSS

Exploits2References1

Positive Technologies•added 2023/01/02 12:0 a.m.•2 views

PT-2023-14051 · WordPress · Social Sharing

Name of the Vulnerable Software and Affected Versions: WP Social Sharing WordPress plugin versions through 2.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...

9.8CVSS6.2AI score0.01854EPSS

Exploits11References17

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by