CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

Prion•added 2023/05/02 8:15 a.m.•14 views

Design/Logic Flaw

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install...

5.8CVSS6.8AI score0.00962EPSS

Exploits2References1Affected Software1

Prion•added 2023/05/02 8:15 a.m.•22 views

Cross site scripting

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00501EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2023/05/02 7:4 a.m.•8 views

CVE-2023-1614 WP Custom Author URL < 1.0.5 - Admin+ Stored XSS

The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00501EPSS

Exploits2References1

Cvelist•added 2023/05/02 7:4 a.m.•29 views

CVE-2023-1554 Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS

The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.0047EPSS

Exploits2References1

Vulnrichment•added 2023/05/02 7:4 a.m.•8 views

CVE-2023-1525 Site Reviews < 6.7.1 - Admin+ Stored XSS

4.7AI score0.00501EPSS

Exploits2References1

Cvelist•added 2023/05/02 7:4 a.m.•31 views

CVE-2023-1525 Site Reviews < 6.7.1 - Admin+ Stored XSS

5AI score0.00501EPSS

Exploits2References1

Cvelist•added 2023/05/02 7:4 a.m.•14 views

CVE-2023-0924 Zyrex Popup <= 1.0 - Admin+ Arbitrary File Upload

7AI score0.00962EPSS

Exploits2References1

WPVulnDB•added 2023/05/02 12:0 a.m.•26 views

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » Login rebuilder 2. In...

4.8CVSS8.2AI score0.00552EPSS

Exploits3Affected Software1

Positive Technologies•added 2023/05/02 12:0 a.m.•4 views

PT-2023-16620 · WordPress · Zyrex Popup

Name of the Vulnerable Software and Affected Versions: ZYREX POPUP WordPress plugin versions 1.0 and earlier Description: The issue allows a high privileged user, such as an Administrator, to upload arbitrary files when creating a popup, even when modifying the file system is disallowed, such as ...

7.2CVSS7.2AI score0.00962EPSS

Exploits2References4

WPVulnDB•added 2023/04/29 12:0 a.m.•11 views

I Recommend This <= 3.8.3 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00392EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/28 12:0 a.m.•24 views

WP-CORS <= 0.2.1 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/25 12:0 a.m.•15 views

Ko-fi Button < 1.3.3 - Admin+ Stored XSS

The plugin does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk. PoC 1. In the Kofi plugin settings,...

5.1AI score0.00442EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/24 12:0 a.m.•21 views

CRM Memberships <= 1.6 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/24 12:0 a.m.•22 views

0mk Shortener <= 0.2 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00394EPSS

Exploits0

WPVulnDB•added 2023/04/23 12:0 a.m.•42 views

AI Contact Us Form <= 1.0 - Admin+ Stored XSS

5.9CVSS4.8AI score0.00392EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/21 12:0 a.m.•14 views

Live Chat by Formilla < 1.3.1 - Admin+ Stored XSS

5.9CVSS5.7AI score0.00369EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/21 12:0 a.m.•17 views

eRocket < 1.2.5 - Admin+ Stored XSS