CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

NVD•added 2023/05/30 8:15 a.m.•21 views

CVE-2023-2113

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary javascript into the admin panel, even when the unfilteredhtml capability is disabled, such as in a...

4.8CVSS4.9AI score0.0047EPSS

Exploits1References1

OSV•added 2023/05/30 8:15 a.m.•5 views

CVE-2023-2113

4.8CVSS5.9AI score0.0047EPSS

Exploits1References1

Prion•added 2023/05/30 8:15 a.m.•18 views

Design/Logic Flaw

4.3CVSS4.9AI score0.0047EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/05/30 7:49 a.m.•23 views

CVE-2023-2113 Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import

5.1AI score0.0047EPSS

Exploits1References1

CNNVD•added 2023/05/30 12:0 a.m.•4 views

WordPress plugin Fast & Effective Popups & Lead-Generation SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability in the WordPress plug...

4.9CVSS6.7AI score0.00752EPSS

Exploits2References2

WPVulnDB•added 2023/05/30 12:0 a.m.•22 views

CRM Perks Forms < 1.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the formid field in the plugin settings page, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup. PoC...

4.8CVSS5.8AI score0.00604EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2023/05/30 12:0 a.m.•4 views

PT-2023-17903 · WordPress · Fast & Effective Popups & Lead-Generation

Name of the Vulnerable Software and Affected Versions: Fast & Effective Popups & Lead-Generation for WordPress plugin versions prior to 2.1.4 Description: The issue concerns the concatenation of user input into an SQL query without proper escaping in the plugin's report API endpoint. This could...

4.9CVSS9.5AI score0.00752EPSS

Exploits2References4

WPVulnDB•added 2023/05/29 12:0 a.m.•16 views

Telegram Bot & Channel < 3.6.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/05/25 12:0 a.m.•15 views

File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting

4.8CVSS8.2AI score0.00442EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/05/23 12:0 a.m.•11 views

WordPress File Upload < 4.19.2 - Admin+ Path Traversal

The plugin does not properly prevent attackers from modifying the target path to which the plugin will move files, via the wfunewpath parameter. This could allow administrators to move files outside of the site's root, which may be a problem in multisite configurations...

4.9CVSS6.6AI score0.01736EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/05/23 12:0 a.m.•16 views

WordPress File Upload and WordPress File Upload Pro < 4.19.2 - Admin+ Stored Cross-Site Scripting

The plugin does not properly escape and sanitize user input coming from users with the administrator role in the plugin's settings, which is a problem in multisite configurations...

5.5CVSS6.7AI score0.00376EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/05/23 12:0 a.m.•23 views

Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

4.8CVSS4.9AI score0.0047EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/05/22 12:0 a.m.•15 views

WP-Piwik < 1.0.28 - Admin+ Stored XSS

The plugin does not sanitize and escape the plugin display name field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00396EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/05/22 12:0 a.m.•10 views

Novelist < 1.2.1 - Admin+ Stored XSS

The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

5.9CVSS6.6AI score0.00369EPSS

Exploits0References2Affected Software1

WPVulnDB•added 2023/05/22 12:0 a.m.•11 views

Qubotchat < 1.1.6 – Admin+ Stored XSS

4.8CVSS5.7AI score0.00442EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/05/22 12:0 a.m.•14 views

MailChimp Subscribe Forms < 4.0.9.2 - Admin+ Stored XSS

5.9CVSS6.6AI score0.00369EPSS

Exploits0References2Affected Software1

WPVulnDB•added 2023/05/18 12:0 a.m.•21 views

Scripts n Styles < 3.5.8 - Admin+ Stored XSS

5.9CVSS10AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/05/18 12:0 a.m.•21 views

Baidu Tongji generator <= 1.0.2 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

ATTACKERKB•added 2023/05/16 9:15 a.m.•2 views

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

7.2CVSS7.1AI score0.00718EPSS

Exploits0References3

OSV•added 2023/05/16 9:15 a.m.•2 views

CVE-2023-2548

7.2CVSS7.1AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by