CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

WPVulnDB•added 2023/03/29 12:0 a.m.•15 views

Wp Ultimate Review < 2.1.0 - Admin+ Stored XSS

WPVulnDB•added 2023/03/29 12:0 a.m.•12 views

Mega Main Menu <= 2.2.2 - Admin+ Stored XSS

5.5CVSS5.5AI score0.00373EPSS

OSV•added 2023/03/27 4:15 p.m.•1 views

CVE-2023-1025

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00442EPSS

NVD•added 2023/03/27 4:15 p.m.•10 views

CVE-2023-1025

4.8CVSS4.7AI score0.00442EPSS

Prion•added 2023/03/27 4:15 p.m.•14 views

Cross site scripting

4.3CVSS4.7AI score0.00442EPSS

Exploits2References1Affected Software1

Prion•added 2023/03/27 4:15 p.m.•20 views

Cross site scripting

The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00501EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/03/27 3:37 p.m.•24 views

CVE-2023-1025 Simple File List < 6.0.10 - Admin+ Stored XSS

5AI score0.00442EPSS

Cvelist•added 2023/03/27 3:37 p.m.•22 views

CVE-2023-1400 Modern Events Calendar lite < 6.5.2 - Admin+ Stored XSS

4.9AI score0.00501EPSS

CVE•added 2023/03/27 3:37 p.m.•58 views

CVE-2023-1400

The CVE-2023-1400 entry concerns the WordPress plugin Modern Events Calendar Lite (pre-6.5.2). Root cause: the plugin does not sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including multisite contexts. Affect...

4.8CVSS4.9AI score0.00501EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/03/27 12:0 a.m.•18 views

Pagination by BestWebSoft < 1.2.3 - Admin+ Stored XSS

WPVulnDB•added 2023/03/21 12:0 a.m.•24 views

Lazy Social Comments <= 2.0.4 - Admin+ Stored Cross-Site Scripting

WPVulnDB•added 2023/03/21 12:0 a.m.•17 views

Simple Custom Author Profiles <= 1.0.0 - Admin+ Stored Cross-Site Scripting

WPVulnDB•added 2023/03/21 12:0 a.m.•12 views

Userlike – WordPress Live Chat < 2.3 - Admin+ Stored Cross-Site Scripting

5.9CVSS5.7AI score0.00392EPSS

WPVulnDB•added 2023/03/21 12:0 a.m.•16 views

Disqus Conditional Load < 11.1.2 - Admin+ Stored Cross-Site Scripting

5.9CVSS4.8AI score0.00369EPSS

Positive Technologies•added 2023/03/21 12:0 a.m.•3 views

PT-2023-27174 · WordPress +1 · Armember Lite +1

Name of the Vulnerable Software and Affected Versions: The ARMember Lite - Membership Plugin for WordPress versions up to, and including, 4.0.14 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This...

4.8CVSS4.8AI score0.00456EPSS

Exploits0References10

WPVulnDB•added 2023/03/20 12:0 a.m.•20 views

Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Login with an editor user and add/edi...

4.8CVSS4.9AI score0.00446EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/03/20 12:0 a.m.•19 views

Kanban Boards for WordPress <= 2.5.20 - Admin+ Stored Cross-Site Scripting