CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3482 matches found

WPVulnDB•added 2024/05/28 12:0 a.m.•19 views

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Go to settings and change the...

7.7AI score0.00335EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2024/05/27 6:0 a.m.•13 views

CVE-2024-3939 Ditty < 3.1.36 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00399EPSS

Exploits2References1

WPVulnDB•added 2024/05/24 12:0 a.m.•17 views

Social Pixel <= 2.1 - Admin+ Stored XSS

5.3AI score0.00419EPSS

Exploits2

WPVulnDB•added 2024/05/24 12:0 a.m.•14 views

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

5.4AI score0.00359EPSS

Exploits2

OSV•added 2024/05/23 6:15 a.m.•5 views

CVE-2024-3920

The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.00372EPSS

Exploits2References1

NVD•added 2024/05/23 6:15 a.m.•20 views

CVE-2024-3594

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

8.7CVSS7.8AI score0.00518EPSS

Exploits2References1

OSV•added 2024/05/23 6:15 a.m.•5 views

CVE-2024-3594

8.7CVSS5.8AI score0.00518EPSS

Exploits2References1

OSV•added 2024/05/23 6:15 a.m.•4 views

CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.8AI score0.0033EPSS

Exploits2References1

Cvelist•added 2024/05/23 6:0 a.m.•26 views

CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS

7.8AI score0.00372EPSS

Exploits2References1

Vulnrichment•added 2024/05/23 6:0 a.m.•12 views

CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS

5.6AI score0.00372EPSS

Exploits2References1

Vulnrichment•added 2024/05/23 6:0 a.m.•19 views

CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS

5.8AI score0.0033EPSS

Exploits2References1

Cvelist•added 2024/05/23 6:0 a.m.•28 views

CVE-2024-3594 IDonate <= 1.9.0 - Admin+ Stored XSS

7.8AI score0.00518EPSS

Exploits2References1

Positive Technologies•added 2024/05/23 12:0 a.m.•4 views

PT-2024-28384 · WordPress · Flattr Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Flattr WordPress plugin versions 1.2.2 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

3.5CVSS5.4AI score0.00372EPSS

Exploits2References3

WPVulnDB•added 2024/05/23 12:0 a.m.•13 views

Floating Chat Widget < 3.2.3 - Admin+ Stored XSS

5.4AI score0.00426EPSS

Exploits2References1Affected Software1

OSV•added 2024/05/22 8:15 a.m.•3 views

CVE-2023-6487

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.8AI score0.00298EPSS

Exploits0References2

OSV•added 2024/05/21 6:15 a.m.•5 views

CVE-2024-4061

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00422EPSS

Exploits2References1

NVD•added 2024/05/21 6:15 a.m.•16 views

CVE-2024-4290

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

7.1CVSS7.8AI score0.00388EPSS

Exploits2References1

NVD•added 2024/05/21 6:15 a.m.•30 views

CVE-2024-4061

4.8CVSS7.8AI score0.00422EPSS

Exploits2References1

OSV•added 2024/05/21 6:15 a.m.•3 views

CVE-2024-2189

The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example ...

6.1CVSS5.8AI score0.00391EPSS

Exploits2References1