CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2023/04/25 8:15 p.m.•1 views

CVE-2023-23995

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin = 1.1.2 versions...

OSV•added 2023/04/25 8:15 p.m.•2 views

CVE-2023-23866

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Carlos Moreira Interactive Geo Maps plugin = 1.5.8 versions...

5.4CVSS6.1AI score0.00181EPSS

OSV•added 2023/04/25 7:15 p.m.•1 views

CVE-2023-25793

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in George Pattihis Link Juice Keeper plugin = 2.0.2 versions...

OSV•added 2023/04/25 5:15 p.m.•2 views

CVE-2022-47608

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Contact Form plugin = 8.0.3.1 versions...

4.8CVSS5.8AI score0.00207EPSS

OSV•added 2023/04/25 12:15 p.m.•1 views

CVE-2022-45837

Reflected Cross-Site Scripting XSS vulnerability in Denis 微信机器人高级版 plugin = 6.0.1 versions...

6.1CVSS5.8AI score0.00287EPSS

CNNVD•added 2023/04/25 12:0 a.m.•9 views

WordPress plugin Shield Security 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.2CVSS6.3AI score0.38754EPSS

Exploits2References5

OSV•added 2023/04/24 3:15 p.m.•2 views

CVE-2022-47158

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pakpobox alfred24 Click & Collect plugin = 1.1.7 versions...

OSV•added 2023/04/23 10:15 a.m.•3 views

CVE-2022-45361

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Boris Kuzmanov 0mk Shortener plugin = 0.2 versions...

OSV•added 2023/04/23 10:15 a.m.•1 views

CVE-2023-22718

Reflected Cross-Site Scripting XSS vulnerability in Jason Lau User Meta Manager plugin = 3.4.9 versions...

6.1CVSS6.3AI score

OSV•added 2023/04/23 10:15 a.m.•3 views

CVE-2023-24404

Reflected Cross-Site Scripting XSS vulnerability in VryaSage Marketing Performance plugin = 2.0.0 versions...

6.1CVSS6.8AI score

CNNVD•added 2023/04/23 12:0 a.m.•2 views

WordPress Plugin AI Contact Us Form 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS5.1AI score0.003EPSS

CNNVD•added 2023/04/23 12:0 a.m.•2 views

WordPress Plugin 0mk Shortener 跨站脚本漏洞

5.9CVSS6.2AI score0.00207EPSS

Positive Technologies•added 2023/04/17 12:0 a.m.•3 views

PT-2023-16859 · WordPress · Drag/Drop Multiple File Upload Pro - Contact Form 7 Standard +1

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin versions prior to 2.11.1 Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin versions prior to 5.0.6.4...

6.1CVSS6AI score0.00313EPSS

Exploits3References7

OSV•added 2023/04/12 6:15 p.m.•2 views

CVE-2023-30530

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

4.3CVSS5.8AI score

OSV•added 2023/04/12 6:15 p.m.•2 views

CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

6.5CVSS6.6AI score

OSV•added 2023/04/12 6:15 p.m.•2 views

CVE-2023-30516

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by defau...

6.5CVSS5.8AI score

Positive Technologies•added 2023/04/12 12:0 a.m.•4 views

PT-2023-22755 · Jenkins · Jenkins Wso2 Oauth Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier Description: The issue concerns the storage of the WSO2 Oauth client secret in an unencrypted form within the global config.xml file on the Jenkins controller. This file can be accessed by...

4.3CVSS6.3AI score0.00181EPSS

Exploits0References7

OSV•added 2023/04/10 2:15 p.m.•0 views

CVE-2023-1478

The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module...

9.8CVSS7.3AI score

OSV•added 2023/04/07 3:15 p.m.•2 views

CVE-2023-29171

Unauth. Reflected Cross-site Scripting XSS vulnerability in Magic Post Thumbnail plugin = 4.1.10 versions...

6.1CVSS6.8AI score