CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3470 matches found

ATTACKERKB•added 2022/10/03 2:15 p.m.•3 views

CVE-2022-2763

The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00591EPSS

Exploits2References2

ATTACKERKB•added 2022/10/03 2:15 p.m.•2 views

CVE-2022-2628

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00548EPSS

Exploits2References2

OSV•added 2022/10/03 2:15 p.m.•3 views

CVE-2022-2628

4.8CVSS5.8AI score0.00548EPSS

Exploits2References1

NVD•added 2022/10/03 2:15 p.m.•16 views

CVE-2022-2628

4.8CVSS0.00548EPSS

Exploits2References1

Prion•added 2022/10/03 2:15 p.m.•21 views

Cross site scripting

4.3CVSS4.7AI score0.00548EPSS

Exploits2References1Affected Software1

UbuntuCve•added 2022/10/03 2:15 p.m.•18 views

CVE-2022-2628

4.8CVSS5.9AI score0.00548EPSS

Exploits2References2

Prion•added 2022/10/03 2:15 p.m.•14 views

Cross site scripting

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00548EPSS

Exploits2References1Affected Software1

OSV•added 2022/10/03 2:15 p.m.•2 views

UBUNTU-CVE-2022-3128

4.8CVSS5.8AI score0.00548EPSS

Exploits2References3

OSV•added 2022/10/03 2:15 p.m.•2 views

UBUNTU-CVE-2022-2628

4.8CVSS5.8AI score0.00548EPSS

Exploits2References3

OSV•added 2022/10/03 2:15 p.m.•0 views

UBUNTU-CVE-2022-2763

4.8CVSS5.8AI score0.00591EPSS

Exploits2References3

Cvelist•added 2022/10/03 1:45 p.m.•25 views

CVE-2022-3128 Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting

4.9AI score0.00548EPSS

Exploits2References1

Cvelist•added 2022/10/03 1:45 p.m.•17 views

CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

4.9AI score0.00548EPSS

Exploits2References1

WPVulnDB•added 2022/10/03 12:0 a.m.•14 views

WP Humans.txt <= 1.0.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Humans.txt...

4.8CVSS2AI score0.00583EPSS

Exploits2Affected Software1

Positive Technologies•added 2022/10/03 12:0 a.m.•2 views

PT-2022-18535 · WordPress · Wp Socializer

Name of the Vulnerable Software and Affected Versions: WP Socializer versions prior to 7.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a...

4.8CVSS4.6AI score0.00591EPSS

Exploits2References6

Positive Technologies•added 2022/10/03 12:0 a.m.•5 views

PT-2022-17763 · WordPress · Dsgvo All In One For Wp

Name of the Vulnerable Software and Affected Versions: DSGVO All in one for WP WordPress plugin versions prior to 4.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS4.6AI score0.00548EPSS

Exploits2References6

WPVulnDB•added 2022/09/29 12:0 a.m.•16 views

Analytics Cat < 1.1.0 - Admin+ Stored Cross-Site Scripting

4.8CVSS2.4AI score0.00412EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/09/29 12:0 a.m.•17 views

Accordions < 2.1.0 - Admin+ Stored XSS

4.8CVSS2.2AI score0.00404EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/09/27 12:0 a.m.•17 views

Advanced Ads < 1.32.0 - Admin+ Stored XSS

4.8CVSS2.1AI score0.00437EPSS

Exploits0Affected Software1

OSV•added 2022/09/26 1:15 p.m.•1 views

CVE-2022-3135

The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00532EPSS

Exploits2References1

OSV•added 2022/09/26 1:15 p.m.•2 views

CVE-2022-3076

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example...

7.2CVSS5.9AI score0.01054EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by