CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3479 matches found

AlpineLinux•added 2022/11/21 12:0 a.m.•1 views

CVE-2022-3618

The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS4AI score0.0047EPSS

Exploits2References1

WPVulnDB•added 2022/11/17 12:0 a.m.•17 views

Anthologize < 0.8.1 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its project parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.4AI score0.00392EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/17 12:0 a.m.•20 views

News Announcement Scroll < 9.0.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS2.5AI score0.00392EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/17 12:0 a.m.•20 views

Chameleon < 1.4.4 - Admin+ Stored XSS

4.8CVSS2AI score0.00392EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/16 12:0 a.m.•23 views

Image Hover Effects < 5.5 - Admin+ Stored XSS

4.8CVSS0.6AI score0.00532EPSS

Exploits2Affected Software1

OSV•added 2022/11/14 3:15 p.m.•2 views

CVE-2022-3631

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite...

4.8CVSS5.8AI score0.00501EPSS

Exploits2References1

NVD•added 2022/11/14 3:15 p.m.•20 views

CVE-2022-3631

4.8CVSS0.00501EPSS

Exploits2References1

OSV•added 2022/11/14 3:15 p.m.•1 views

CVE-2022-3469

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

4.8CVSS5.8AI score0.00532EPSS

Exploits2References1

Prion•added 2022/11/14 3:15 p.m.•15 views

Cross site scripting

4.3CVSS4.8AI score0.00501EPSS

Exploits2References1Affected Software1

Prion•added 2022/11/14 3:15 p.m.•18 views

Cross site scripting

4.3CVSS4.8AI score0.00532EPSS

Exploits2References1Affected Software1

Cvelist•added 2022/11/14 12:0 a.m.•34 views

CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

5.1AI score0.00532EPSS

Exploits2References1

WPVulnDB•added 2022/11/14 12:0 a.m.•13 views

WordPress Countdown Widget < 3.1.9.3 - Admin+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

2.3AI score

Exploits0Affected Software1

Positive Technologies•added 2022/11/14 12:0 a.m.•5 views

PT-2022-22298 · WordPress · Wp Attachments

Name of the Vulnerable Software and Affected Versions: WP Attachments versions prior to 5.0.5 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escaped. The atta...

4.8CVSS4.8AI score0.00532EPSS

Exploits2References3

OSV•added 2022/11/13 11:15 p.m.•0 views

UBUNTU-CVE-2022-3979

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated...

8.1CVSS5AI score0.01007EPSS

Exploits1References3

WPVulnDB•added 2022/11/09 12:0 a.m.•16 views

Seed Social < 2.0.4 - Admin+ Stored XSS

2.2AI score0.00497EPSS

Exploits2Affected Software1

OSV•added 2022/11/07 10:15 a.m.•1 views

CVE-2022-3418

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files...

7.2CVSS5.9AI score0.01104EPSS

Exploits2References1

OSV•added 2022/11/07 10:15 a.m.•2 views

CVE-2022-3462

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00532EPSS

Exploits2References1

Prion•added 2022/11/07 10:15 a.m.•16 views

Cross site scripting

4.3CVSS4.7AI score0.00532EPSS

Exploits2References1Affected Software1

CNNVD•added 2022/11/07 12:0 a.m.•22 views

WordPress plugin Import any XML or CSV File to WordPress 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in th...

7.2CVSS7.3AI score0.01104EPSS

Exploits2References2

WPVulnDB•added 2022/11/04 12:0 a.m.•14 views

Donations via PayPal < 1.9.9 - Admin+ Stored XSS

4.8CVSS0.9AI score0.00532EPSS

Exploits2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by