CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3478 matches found

WPVulnDB•added 2022/11/03 12:0 a.m.•18 views

4ECPS Web Forms <= 0.2.17 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00412EPSS

Exploits0

WPVulnDB•added 2022/11/03 12:0 a.m.•12 views

Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Open the setting page of this plugin. 2...

4.8CVSS0.5AI score0.00501EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/11/03 12:0 a.m.•15 views

Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

4.8CVSS0.4AI score0.0047EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/11/03 12:0 a.m.•15 views

Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS

4.8CVSS2.6AI score0.00459EPSS

Exploits1Affected Software1

WPVulnDB•added 2022/11/03 12:0 a.m.•19 views

reCAPTCHA <= 1.6 - Admin+ Stored XSS

4.8CVSS2.2AI score0.00532EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/11/02 12:0 a.m.•14 views

Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Account ID"...

4.8CVSS1.1AI score0.00501EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/11/02 12:0 a.m.•12 views

AM-HiLi <= 1.0 - Admin+ Stored XSS

4.8CVSS2.1AI score0.00412EPSS

Exploits0Affected Software1

WPVulnDB•added 2022/11/02 12:0 a.m.•16 views

AgentEasy Properties <= 1.0.4 - Admin+ Stored XSS

4.8CVSS2.2AI score0.00412EPSS

Exploits0Affected Software1

OpenVAS•added 2022/11/01 12:0 a.m.•16 views

WordPress PublishPress Capabilities Plugin < 2.5.2 PHP Objection Injection Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

7.2CVSS7.1AI score0.01126EPSS

Exploits2References1

OSV•added 2022/10/31 4:15 p.m.•2 views

CVE-2022-3366

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...

7.2CVSS5.8AI score

Exploits0References1

OSV•added 2022/10/31 4:15 p.m.•5 views

CVE-2022-3441

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2022/10/31 4:15 p.m.•19 views

CVE-2022-3366

7.2CVSS0.01126EPSS

Exploits2References1

Prion•added 2022/10/31 4:15 p.m.•16 views

Design/Logic Flaw

5.8CVSS7AI score0.01126EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2022/10/31 12:0 a.m.•6 views

CVE-2022-3366 PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection

6.9AI score0.01126EPSS

Exploits2References1

Cvelist•added 2022/10/31 12:0 a.m.•26 views

CVE-2022-3441 Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

5AI score0.0047EPSS

Exploits2References1

Cvelist•added 2022/10/31 12:0 a.m.•25 views

CVE-2022-3366 PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection

7.2AI score0.01126EPSS

Exploits2References1

WPVulnDB•added 2022/10/28 12:0 a.m.•18 views

Ultimate Member < 2.5.1 - Admin+ RCE

The plugin does not validate user input passed to calluserfunc via the getoptionvaluefromcallback function, which could allow high privilege users to perform RCE even when they are not allowed to for example in multisite setup...

7.2CVSS4.1AI score0.0278EPSS

Exploits1Affected Software1

OSV•added 2022/10/25 5:15 p.m.•10 views

CVE-2022-3391

The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00554EPSS

Exploits2References1

OSV•added 2022/10/25 5:15 p.m.•4 views

CVE-2022-3392

The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00583EPSS

Exploits2References1

Prion•added 2022/10/25 5:15 p.m.•12 views

Cross site scripting

4.3CVSS4.7AI score0.00583EPSS

Exploits2References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by