CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8956 matches found

wpexploit•added 2022/12/27 12:0 a.m.•398 views

HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: hashbarbtn btntarget='" onmouseover="alert1"'...

5.4CVSS1.8AI score0.00534EPSS

Exploits2

wpexploit•added 2022/12/27 12:0 a.m.•446 views

Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.5AI score0.00471EPSS

Exploits2

wpexploit•added 2022/12/24 12:0 a.m.•146 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

5.4CVSS1AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/24 12:0 a.m.•11 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

5.4CVSS1.9AI score0.00471EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/24 12:0 a.m.•34 views

Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

5.4CVSS3.3AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/24 12:0 a.m.•146 views

Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

5.4CVSS1.6AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/23 12:0 a.m.•39 views

Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;"...

5.4CVSS3.7AI score0.00393EPSS

Exploits1Affected Software1

wpexploit•added 2022/12/23 12:0 a.m.•107 views

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the shortcode...

5.4CVSS0.9AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/23 12:0 a.m.•28 views

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. PoC 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the...

5.4CVSS3AI score0.00471EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/23 12:0 a.m.•17 views

ConvertKit < 2.0.5 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. PoC...

5.4CVSS2.7AI score0.00534EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/23 12:0 a.m.•104 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

5.4CVSS0.5AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/23 12:0 a.m.•25 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

5.4CVSS2.1AI score0.00534EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/23 12:0 a.m.•12 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

5.4CVSS1.7AI score0.00534EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/23 12:0 a.m.•500 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

5.4CVSS0.7AI score0.00534EPSS

Exploits2

wpexploit•added 2022/12/23 12:0 a.m.•399 views

Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

5.4CVSS1.7AI score0.00393EPSS

Exploits1

wpexploit•added 2022/12/22 12:0 a.m.•112 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. 1. As an administrator, creat...

6.1CVSS0.6AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/22 12:0 a.m.•26 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

6.1CVSS2AI score0.00534EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/22 12:0 a.m.•105 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. Exploit shortcode: icon name='circle-exclamation'...

5.4CVSS1.2AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/22 12:0 a.m.•17 views

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. PoC Exploit shortcode: icon...

5.4CVSS2.5AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/22 12:0 a.m.•75 views

Real Testimonials < 2.6.0 - Contributor+ Stored XSS

5.4CVSS1.1AI score0.00471EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by