CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2022/12/26 1:15 p.m.•18 views

Cross site request forgery (csrf)

The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive...

3.3CVSS5.1AI score0.00852EPSS

Exploits2References2Affected Software1

Prion•added 2022/12/26 1:15 p.m.•19 views

Cross site scripting

The Paytium: Mollie payment forms & donations WordPress plugin before 4.3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.3CVSS4.7AI score0.0047EPSS

Prion•added 2022/12/26 1:15 p.m.•17 views

Cross site scripting

The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00532EPSS

Prion•added 2022/12/26 1:15 p.m.•12 views

Cross site scripting

The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.00532EPSS

Prion•added 2022/12/26 1:15 p.m.•19 views

Cross site request forgery (csrf)

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite...

3.3CVSS5.2AI score0.00846EPSS

Exploits2References2Affected Software1

Cvelist•added 2022/12/26 12:28 p.m.•29 views

CVE-2022-4242 WP Google Review Slider < 11.6 - Admin+ Stored XSS

4.9AI score0.00532EPSS

Cvelist•added 2022/12/26 12:28 p.m.•31 views

CVE-2022-3835 Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

4.9AI score0.00532EPSS

Cvelist•added 2022/12/26 12:28 p.m.•22 views

CVE-2022-4226 Simple Basic Contact Form < 20221201 - Admin+ Stored XSS

The Simple Basic Contact Form WordPress plugin before 20221201 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...

5AI score0.00532EPSS

Cvelist•added 2022/12/26 12:28 p.m.•28 views

CVE-2022-4243 ImageInject <= 1.17 - Admin+ Stored XSS

The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00532EPSS

Cvelist•added 2022/12/26 12:27 p.m.•29 views

CVE-2022-4157 Contest Gallery < 19.1.5 - Admin+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...

5.5AI score0.00883EPSS

CNNVD•added 2022/12/26 12:0 a.m.•2 views

WordPress Plugin Kwayy HTML Sitemap 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

4.8CVSS4.9AI score0.00532EPSS

Positive Technologies•added 2022/12/26 12:0 a.m.•2 views

PT-2022-24381 · WordPress · Kwayy Html Sitemap

Name of the Vulnerable Software and Affected Versions: Kwayy HTML Sitemap WordPress plugin versions prior to 4.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example,...

4.8CVSS5.8AI score0.00532EPSS

Exploits2References5

CNNVD•added 2022/12/26 12:0 a.m.•1 views

WordPress Plugin Eventify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS4.9AI score0.00532EPSS

CNNVD•added 2022/12/26 12:0 a.m.•10 views

WordPress Plugin Google Apps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

4.8CVSS5AI score0.00532EPSS