CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

NVD•added 2023/05/16 9:15 a.m.•10 views

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

7.2CVSS6.4AI score0.00718EPSS

Exploits0References2

Prion•added 2023/05/16 9:15 a.m.•18 views

Authorization

5.8CVSS6.7AI score0.00718EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2023/05/16 12:0 a.m.•5 views

PT-2023-20098 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic plugin for WordPress versions up to, and including, 5.2.0.5 Description: The issue allows authenticated attackers with administrator-level permissions and above to bypass authorization and access system resources due to...

7.2CVSS7.3AI score0.00718EPSS

Exploits0References4

OSV•added 2023/05/15 1:15 p.m.•3 views

CVE-2023-0892

The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score

Exploits0References1

NVD•added 2023/05/15 1:15 p.m.•32 views

CVE-2023-2009

Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.8AI score0.00824EPSS

Exploits2References1

OSV•added 2023/05/15 1:15 p.m.•5 views

CVE-2023-1839

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS6.6AI score0.00461EPSS

Exploits2References1

NVD•added 2023/05/15 1:15 p.m.•24 views

CVE-2023-0892

4.8CVSS4.7AI score0.00489EPSS

Exploits2References1

OSV•added 2023/05/15 1:15 p.m.•4 views

CVE-2023-2009

4.8CVSS6.6AI score0.00824EPSS

Exploits2References1

Prion•added 2023/05/15 1:15 p.m.•12 views

Cross site scripting

4.3CVSS4.7AI score0.00489EPSS

Exploits2References1Affected Software1

Prion•added 2023/05/15 1:15 p.m.•12 views

Cross site scripting

4.3CVSS4.7AI score0.00824EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/05/15 12:15 p.m.•35 views

CVE-2023-1839 Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting

5AI score0.00461EPSS

Exploits2References1

Vulnrichment•added 2023/05/15 12:15 p.m.•8 views

CVE-2023-2009 Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

5.7AI score0.00824EPSS

Exploits2References1

Cvelist•added 2023/05/15 12:15 p.m.•28 views

CVE-2023-0892 BizLibrary <= 1.1 - Admin+ Stored XSS

5AI score0.00489EPSS

Exploits2References1

Positive Technologies•added 2023/05/15 12:0 a.m.•3 views

PT-2023-16595 · WordPress · Bizlibrary Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: BizLibrary WordPress plugin versions 1.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

4.8CVSS8AI score0.00489EPSS

Exploits2References5

WPVulnDB•added 2023/05/15 12:0 a.m.•16 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the payload below in any of the "Challenge...

4.8CVSS8.2AI score0.00442EPSS

Exploits2Affected Software1

Positive Technologies•added 2023/05/15 12:0 a.m.•6 views

PT-2023-17407 · WordPress · Pretty Url

Name of the Vulnerable Software and Affected Versions: Pretty Url WordPress plugin versions 1.5.4 and earlier Description: The issue arises from the plugin's failure to sanitize and escape the URL field in its settings, potentially allowing high-privilege users to perform Stored Cross-Site...

4.8CVSS8.1AI score0.00824EPSS

Exploits2References6

WPVulnDB•added 2023/05/12 12:0 a.m.•14 views

DBargain <= 3.0.0 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00366EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/05/12 12:0 a.m.•18 views

Get Your Number <= 1.1.3 - Admin+ Stored XSS

4.8CVSS8.2AI score0.00539EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/05/10 12:0 a.m.•11 views

Tiny carousel horizontal slider plus <= 3.2 - Admin+ Stored XSS

The plugin does not escape several fields in the edit gallery and edit image forms, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.8AI score0.00369EPSS

Exploits0Affected Software1

OSV•added 2023/05/08 2:15 p.m.•3 views

CVE-2023-0894

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS6.6AI score0.00442EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by