Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3482 matches found

NVD
NVDadded 2024/01/16 4:15 p.m.20 views

CVE-2022-3836

The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00497EPSS
Exploits2References1
OSV
OSVadded 2024/01/16 4:15 p.m.2 views

CVE-2022-3836

The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score
Exploits0References1
OSV
OSVadded 2024/01/16 4:15 p.m.4 views

CVE-2022-3829

The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00524EPSS
Exploits2References1
OSV
OSVadded 2024/01/16 4:15 p.m.4 views

CVE-2023-0389

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.8CVSS5.8AI score0.00473EPSS
Exploits2References1
Prion
Prionadded 2024/01/16 4:15 p.m.17 views

Cross site scripting

The Hubbub Lite formerly Grow Social WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.3CVSS5.9AI score0.0044EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2024/01/16 4:15 p.m.21 views

Cross site scripting

The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS6AI score0.00524EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2024/01/16 4:15 p.m.16 views

Cross site scripting

The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00405EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2024/01/16 4:15 p.m.19 views

Cross site scripting

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.3CVSS5.9AI score0.0043EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2024/01/16 4:15 p.m.17 views

Cross site scripting

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.3CVSS5.9AI score0.00473EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichmentadded 2024/01/16 3:56 p.m.23 views

CVE-2023-0389 Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

5.6AI score0.00473EPSS
Exploits2References1
Cvelist
Cvelistadded 2024/01/16 3:54 p.m.19 views

CVE-2023-3647 IURNY by INDIGITALL < 3.2.3 - Admin+ Stored XSS

The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00405EPSS
Exploits2References1
Positive Technologies
Positive Technologiesadded 2024/01/16 12:0 a.m.6 views

PT-2024-11610 · WordPress · Font Awesome 4 Menus

Name of the Vulnerable Software and Affected Versions: Font Awesome 4 Menus WordPress plugin versions prior to 4.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.8CVSS4.6AI score0.00524EPSS
Exploits2References5
Positive Technologies
Positive Technologiesadded 2024/01/16 12:0 a.m.8 views

PT-2024-11922 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form WordPress plugin versions prior to 1.1.151 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS5.3AI score0.00473EPSS
Exploits2References4
Positive Technologies
Positive Technologiesadded 2024/01/16 12:0 a.m.4 views

PT-2024-12556 · Indigitall · Iurny

Name of the Vulnerable Software and Affected Versions: The IURNY by INDIGITALL WordPress plugin versions prior to 3.2.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS5.2AI score0.00405EPSS
Exploits2References4
OSV
OSVadded 2024/01/15 4:15 p.m.3 views

CVE-2023-6163

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00402EPSS
Exploits2References1
Prion
Prionadded 2024/01/15 4:15 p.m.18 views

Cross site scripting

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.9AI score0.00402EPSS
Exploits2References1Affected Software1
Prion
Prionadded 2024/01/15 4:15 p.m.24 views

Cross site scripting

The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite set...

4.3CVSS5.8AI score0.00402EPSS
Exploits2References1Affected Software1
Cvelist
Cvelistadded 2024/01/15 3:10 p.m.23 views

CVE-2023-6163 WP Crowdfunding < 2.1.10 - Admin+ Stored XSS

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00402EPSS
Exploits2References1
Vulnrichment
Vulnrichmentadded 2024/01/15 3:10 p.m.7 views

CVE-2023-6163 WP Crowdfunding < 2.1.10 - Admin+ Stored XSS

The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.6AI score0.00402EPSS
Exploits2References1
OSV
OSVadded 2024/01/11 9:15 a.m.4 views

CVE-2023-5691

The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.8CVSS7.4AI score0.00295EPSS
Exploits0References2
Rows per page
Query Builder