CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2022/06/27 9:15 a.m.•1 views

CVE-2022-1010

The Login using WordPress Users WP as SAML IDP WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in...

OSV•added 2022/06/27 9:15 a.m.•2 views

CVE-2022-1029

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite...

OSV•added 2022/06/27 9:15 a.m.•1 views

CVE-2022-1095

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

OSV•added 2022/06/27 9:15 a.m.•1 views

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

NVD•added 2022/06/27 9:15 a.m.•9 views

CVE-2022-1095

4.8CVSS0.00493EPSS

NVD•added 2022/06/27 9:15 a.m.•12 views

CVE-2022-1321

4.8CVSS0.0049EPSS

NVD•added 2022/06/27 9:15 a.m.•11 views

CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups...

4.8CVSS0.00493EPSS

NVD•added 2022/06/27 9:15 a.m.•18 views

CVE-2022-1029

4.8CVSS0.00758EPSS

ATTACKERKB•added 2022/06/27 9:15 a.m.•5 views

CVE-2022-1113

4.8CVSS5.5AI score0.00493EPSS

ATTACKERKB•added 2022/06/27 9:15 a.m.•3 views

CVE-2022-1029

4.8CVSS5.6AI score0.00758EPSS

Exploits2References3

ATTACKERKB•added 2022/06/27 9:15 a.m.•2 views

CVE-2022-1028

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml ...

4.8CVSS5.6AI score0.0049EPSS

ATTACKERKB•added 2022/06/27 9:15 a.m.•3 views

CVE-2022-1010

4.8CVSS5.5AI score0.00559EPSS

Prion•added 2022/06/27 9:15 a.m.•19 views

Cross site scripting

3.5CVSS4.9AI score0.0049EPSS

Prion•added 2022/06/27 9:15 a.m.•15 views

Cross site scripting

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup...

3.5CVSS4.9AI score0.0049EPSS

Cvelist•added 2022/06/27 8:59 a.m.•17 views

CVE-2022-1971 NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS

5AI score0.00493EPSS

Cvelist•added 2022/06/27 8:56 a.m.•33 views

CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

5.2AI score0.00758EPSS

WPVulnDB•added 2022/06/27 12:0 a.m.•16 views

W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Add/edit a Dali Item and put the following payload in...

4.8CVSS2.2AI score0.00575EPSS

WPVulnDB•added 2022/06/27 12:0 a.m.•21 views

Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Ignored Download...

4.8CVSS1.4AI score0.00575EPSS