CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

Positive Technologies•added 2023/07/10 12:0 a.m.•5 views

PT-2023-20296 · WordPress · Buy Me A Coffee

Name of the Vulnerable Software and Affected Versions: Buy Me a Coffee WordPress plugin versions prior to 3.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and esca...

4.8CVSS5.2AI score0.00469EPSS

Exploits1References3

WPVulnDB•added 2023/06/28 12:0 a.m.•20 views

Short URL < 1.6.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00332EPSS

Exploits0Affected Software1

OSV•added 2023/06/27 2:15 p.m.•2 views

CVE-2023-2711

The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00501EPSS

Exploits2References1

OSV•added 2023/06/27 2:15 p.m.•5 views

CVE-2023-2795

The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00442EPSS

Exploits2References1

NVD•added 2023/06/27 2:15 p.m.•28 views

CVE-2023-2795

4.8CVSS4.7AI score0.00442EPSS

Exploits2References1

OSV•added 2023/06/27 2:15 p.m.•4 views

CVE-2023-2178

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00773EPSS

Exploits2References1

OSV•added 2023/06/27 2:15 p.m.•3 views

CVE-2023-2580

The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS5.8AI score0.0047EPSS

Exploits2References1

NVD•added 2023/06/27 2:15 p.m.•16 views

CVE-2023-1166

The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS4.8AI score0.00477EPSS

Exploits3References1

OSV•added 2023/06/27 2:15 p.m.•13 views

CVE-2023-0873

The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2023/06/27 2:15 p.m.•20 views

CVE-2023-2580

4.8CVSS4.8AI score0.0047EPSS

Exploits2References1