3471 matches found

NVD
added 2022/12/19 2:15 p.m. | 9 views

CVE-2022-4112

The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 | EPSS 0.00535
Exploits: 2 | References: 1

NVD
added 2022/12/19 2:15 p.m. | 14 views

CVE-2022-4108

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

CVSS 4.9 | EPSS 0.00798
Exploits: 2 | References: 1

Prion
added 2022/12/19 2:15 p.m. | 17 views

Cross site scripting

The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3 | AI score 4.7 | EPSS 0.0047
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2022/12/19 2:15 p.m. | 14 views

Code injection

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file from the server even when they should not be able to for example in multisite...

CVSS 3.3 | AI score 5.1 | EPSS 0.00798
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2022/12/19 1:41 p.m. | 15 views

CVE-2022-4112 Quizlord <= 2.0 - Admin+ Stored XSS

The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5 | EPSS 0.00535
Exploits: 2 | References: 1

Cvelist
added 2022/12/19 1:41 p.m. | 30 views

CVE-2022-3832 External Media < 1.0.36 - Admin+ Stored XSS

The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5 | EPSS 0.0047
Exploits: 1 | References: 1

WPVulnDB
added 2022/12/19 12:0 a.m. | 15 views

Sidebar Widgets by CodeLights <= 1.4 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize or escape the Extra CSS class parameter, allowing high privileged users, such as an administrator to inject arbitrary web scripts into pages, even when the unfiltered_html capability is disabled e.g. in multisite setups...

CVSS 5.5 | AI score 2 | EPSS 0.00541
Exploits: 0 | Affected Software: 1

OSV
added 2022/12/15 9:15 p.m. | 1 views

CVE-2022-4519

The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS 4.8 | AI score 5.9 | EPSS 0.00552
Exploits: 0 | References: 2

WPVulnDB
added 2022/12/13 12:0 a.m. | 22 views

Launchpad <= 10.13 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 5.5 | AI score 2.3 | EPSS 0.00537
Exploits: 0 | Affected Software: 1

WPVulnDB
added 2022/12/13 12:0 a.m. | 17 views

Image Hover Effects Ultimate 9.8.1-9.8.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 5.5 | AI score 2 | EPSS 0.00526
Exploits: 0 | Affected Software: 1

OSV
added 2022/12/12 6:15 p.m. | 2 views

CVE-2022-4010

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 | AI score 5.8 | EPSS 0.00532
Exploits: 2 | References: 1

OSV
added 2022/12/12 6:15 p.m. | 1 views

CVE-2022-4000

The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 | AI score 5.8 | EPSS 0.0047
Exploits: 2 | References: 1

OSV
added 2022/12/12 6:15 p.m. | 4 views

CVE-2022-3906

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2022/12/12 6:15 p.m. | 2 views

CVE-2022-3862

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite set...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2022/12/12 6:15 p.m. | 17 views

CVE-2022-3862

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite set...

CVSS 4.8 | EPSS 0.0047
Exploits: 2 | References: 1

Prion
added 2022/12/12 6:15 p.m. | 14 views

Cross site scripting

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3 | AI score 4.7 | EPSS 0.00392
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2022/12/12 6:15 p.m. | 23 views

Cross site scripting

The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.3 | AI score 4.7 | EPSS 0.00532
Exploits: 2 | References: 1 | Affected Software: 1

Prion
added 2022/12/12 6:15 p.m. | 14 views

Cross site scripting

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite set...

CVSS 4.3 | AI score 4.7 | EPSS 0.0047
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2022/12/12 5:54 p.m. | 24 views

CVE-2022-3862 Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS

The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite set...

AI score 4.9 | EPSS 0.0047
Exploits: 2 | References: 1

Vulnrichment
added 2022/12/12 5:54 p.m. | 6 views

CVE-2022-3906 Easy Form Builder < 3.4.0 - Admin+ Stored XSS

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.8 | EPSS 0.00392
Exploits: 1 | References: 1