CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

Vulnrichment•added 2023/04/10 1:18 p.m.•9 views

CVE-2023-1120 Simple Giveaways < 2.45.1 - Admin+ Stored XSS

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00442EPSS

Exploits2References1

Cvelist•added 2023/04/10 1:17 p.m.•22 views

CVE-2023-1122 Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00446EPSS

Exploits2References1

Cvelist•added 2023/04/10 1:17 p.m.•36 views

CVE-2023-0893 Time Sheets < 1.29.3 - Admin+ Stored XSS

The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00442EPSS

Exploits2References1

Positive Technologies•added 2023/04/10 12:0 a.m.•4 views

PT-2023-16578 · WordPress · Klaviyo

Name of the Vulnerable Software and Affected Versions: Klaviyo WordPress plugin versions prior to 3.0.10 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escape...

4.8CVSS5.5AI score0.00442EPSS

Exploits2References4

Positive Technologies•added 2023/04/10 12:0 a.m.•5 views

PT-2023-16395 · WordPress · Auto Rename Media On Upload

Name of the Vulnerable Software and Affected Versions: Auto Rename Media On Upload WordPress plugin versions prior to 1.1.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, f...

4.8CVSS4.6AI score0.0047EPSS

Exploits1References4

Positive Technologies•added 2023/04/10 12:0 a.m.•4 views

PT-2023-16771 · WordPress · Simple Giveaways

Name of the Vulnerable Software and Affected Versions: The Simple Giveaways WordPress plugin versions prior to 2.45.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.8CVSS8AI score0.00446EPSS

Exploits2References5

ATTACKERKB•added 2023/04/06 3:15 p.m.•2 views

CVE-2023-1913

The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.8CVSS6.7AI score0.00377EPSS

Exploits0References3

WPVulnDB•added 2023/04/06 12:0 a.m.•14 views

Maps Widget for Google Maps < 4.25 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.5AI score0.00377EPSS

Exploits0Affected Software1

ATTACKERKB•added 2023/04/05 2:15 p.m.•5 views

CVE-2023-1869

The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and...

5.5CVSS6.8AI score0.00482EPSS

Exploits0References4

OSV•added 2023/04/05 2:15 p.m.•4 views

CVE-2023-1869

4.8CVSS5.9AI score0.00482EPSS

Exploits0References3

WPVulnDB•added 2023/04/05 12:0 a.m.•12 views

WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS

4.8CVSS8.6AI score0.00535EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/04/05 12:0 a.m.•20 views

Site Reviews < 6.7.1 - Admin+ Stored XSS

4.8CVSS8.7AI score0.00501EPSS

Exploits2Affected Software1

ATTACKERKB•added 2023/04/04 8:15 p.m.•0 views

CVE-2023-1840

The Sptify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.8CVSS6AI score0.00352EPSS

Exploits0References3

OSV•added 2023/04/04 8:15 p.m.•1 views

CVE-2023-1840

4.8CVSS5.9AI score0.00352EPSS

Exploits0References2

Positive Technologies•added 2023/04/04 12:0 a.m.•3 views

PT-2023-17273 · WordPress · Spotify Play Button

Name of the Vulnerable Software and Affected Versions: The Sptify Play Button for WordPress plugin versions up to, and including, 2.07 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.8CVSS5.7AI score0.00352EPSS

Exploits0References5

WPVulnDB•added 2023/04/04 12:0 a.m.•11 views

Sp*tify Play Button for WordPress < 2.08 - Admin+ Stored XSS

4.8CVSS5.5AI score0.00352EPSS

Exploits0Affected Software1

WPVulnDB•added 2023/04/04 12:0 a.m.•13 views

Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS

4.8CVSS8.4AI score0.00442EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/04/03 12:0 a.m.•22 views

Product Enquiry for WooCommerce < 2.2.13 - Admin+ Stored XSS