CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

Cvelist•added 2023/06/19 10:52 a.m.•25 views

CVE-2023-2684 File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00442EPSS

Exploits2References1

WPVulnDB•added 2023/06/19 12:0 a.m.•167 views

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the plugin's "Quick Start" field, add...

4.8CVSS4.7AI score0.00423EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/06/19 12:0 a.m.•25 views

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new item in the plugin settings 2...

4.8CVSS5.3AI score0.00543EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/06/19 12:0 a.m.•13 views

Smoothscroller <= 1.0.0 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00392EPSS

Exploits0Affected Software1

Positive Technologies•added 2023/06/19 12:0 a.m.•10 views

PT-2023-19360 · WordPress · Qubot

Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisit...

4.8CVSS7.9AI score0.00442EPSS

Exploits2References6

WPVulnDB•added 2023/06/19 12:0 a.m.•11 views

MojoPlug Slide Panel <= 1.1.2 - Admin+ Stored XSS

5.9CVSS8.2AI score0.00418EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/19 12:0 a.m.•12 views

Call Now Accessibility Button < 1.1 - Admin+ Stored XSS

4.8CVSS5.4AI score0.00451EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/06/15 12:0 a.m.•17 views

Flo Forms <= 1.0.40 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/13 12:0 a.m.•11 views

Booking and Rental Manager < 1.2.2 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00442EPSS

Exploits1Affected Software1

WPVulnDB•added 2023/06/13 12:0 a.m.•15 views

Password Protected < 2.6.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00396EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/06/13 12:0 a.m.•13 views

ARMember < 4.0.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

NVD•added 2023/06/12 6:15 p.m.•13 views

CVE-2023-1323

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS4.7AI score0.00444EPSS

Exploits1References1

Prion•added 2023/06/12 6:15 p.m.•21 views

Cross site scripting

4.3CVSS4.7AI score0.00444EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2023/06/09 6:16 a.m.•1 views

CVE-2023-2767

The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.5CVSS6.9AI score0.00376EPSS

Exploits0References3

ATTACKERKB•added 2023/06/09 6:16 a.m.•3 views

CVE-2023-2584

The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 9.6.1 in the Pro version due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS6.8AI score0.00516EPSS

Exploits0References4

ATTACKERKB•added 2023/06/09 6:16 a.m.•1 views

CVE-2023-2452

The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.4CVSS6.8AI score0.00536EPSS

Exploits0References4

ATTACKERKB•added 2023/06/09 6:16 a.m.•2 views

CVE-2023-2450

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6.8AI score0.0056EPSS

Exploits0References4Affected Software1

OSV•added 2023/06/09 6:16 a.m.•4 views

CVE-2023-2452

4.4CVSS6.7AI score

Exploits0References3

OSV•added 2023/06/09 6:16 a.m.•3 views

CVE-2023-2450

4.4CVSS7.3AI score0.0056EPSS

Exploits0References3

Positive Technologies•added 2023/06/09 12:0 a.m.•4 views

PT-2023-21293 · WordPress +1 · Wordpress +2

Name of the Vulnerable Software and Affected Versions: WordPress File Upload and WordPress File Upload Pro plugins for WordPress versions up to, and including, 4.19.1 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and...

5.5CVSS5.7AI score0.00376EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by