Lucene search

7 matches found

CNNVD
added 2026/05/20 12:0 a.m. | 5 views

WordPress plugin General Options Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVSS 4.4 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 6
Cvelist
added 2021/11/08 5:34 p.m. | 13 views

CVE-2021-24664 WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitises some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...

AI score 5.2 | EPSS 0.01366
Exploits: 4 | References: 2
WPVulnDB
added 2021/10/04 12:0 a.m. | 28 views

BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting

The plugin sanitises with sanitize_text_field() but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/chat-rooms/?subject=asd%22%20%22%20onmouseover=javascript:alert1;%20test=%22&new-message;=asd...

CVSS 6.1 | EPSS 0.0021
Exploits: 2 | References: 1 | Affected Software: 1
WPVulnDB
added 2021/02/08 12:0 a.m. | 23 views

Digital Publications by Supsystic <= 1.6.11 - Authenticated Stored Cross-Site Scripting (XSS)

When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input. v1.6.11 attempted to fix the issue by using sanitize_text_field(), however the output i...

AI score 1.1
Exploits: 0 | References: 1 | Affected Software: 1
Exploit DB
added 2020/02/13 12:0 a.m. | 183 views

WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting

Title: WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting; Author: mehran feizi; Category: webapps; Date: 2020-02-12; Vendor home page: https://wordpress.org/plugins/tutor/; Vulnerable page: /Quiz.php...

AI score 7.4
Exploits: 0
Packet Storm
added 2016/08/03 12:0 a.m. | 33 views

WordPress Activity Log 2.3.2 Cross Site Scripting

Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin. Edwin Molenaar, July 2016...

Exploits: 0
seebug.org
added 2015/12/04 12:0 a.m. | 26 views

WordPress Users Ultra Plugin 1.5.50 - Blind SQL Injection

The file xooclasses/xoo.userultra.photos.php in the users-ultra plugin contains the following code: public function editvideoconfirm() { global $wpdb, $xoouserultra; require_once(ABSPATH . 'wp-includes/formatting.php'); $userid = get_current_user_id(); $videoid = $_POST["videoid"]; // videoid is taken directly from POST $videoname = sanitize_text_field($_POST["videoname"]);...

AI score 7.1
Exploits: 0