CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3478 matches found

NVD•added 2022/10/10 9:15 p.m.•11 views

CVE-2022-2981

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup...

4.9CVSS0.00859EPSS

Exploits2References1

Prion•added 2022/10/10 9:15 p.m.•12 views

Cross site scripting

The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS4.7AI score0.0047EPSS

Exploits2References1Affected Software1

Prion•added 2022/10/10 9:15 p.m.•17 views

Cross site scripting

The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for examp...

4.3CVSS4.8AI score0.00506EPSS

Exploits2References1Affected Software1

Cvelist•added 2022/10/10 12:0 a.m.•18 views

CVE-2022-3136 Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting

The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.0047EPSS

Exploits2References1

WPVulnDB•added 2022/10/10 12:0 a.m.•15 views

PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection

The plugin unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. PoC To simulate a...

7.2CVSS0.3AI score0.01126EPSS

Exploits2Affected Software2

WPVulnDB•added 2022/10/10 12:0 a.m.•16 views

Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go to the plugin's settings Popup tab, click o...

4.8CVSS1.5AI score0.0047EPSS

Exploits2Affected Software1

NVD•added 2022/10/03 2:15 p.m.•20 views

CVE-2022-3128

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00548EPSS

Exploits2References1

ATTACKERKB•added 2022/10/03 2:15 p.m.•1 views

CVE-2022-3128

4.8CVSS5.8AI score0.00548EPSS

Exploits2References2

ATTACKERKB•added 2022/10/03 2:15 p.m.•3 views

CVE-2022-2763

The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00591EPSS

Exploits2References2

ATTACKERKB•added 2022/10/03 2:15 p.m.•2 views

CVE-2022-2628

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00548EPSS

Exploits2References2