CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8961 matches found

wpexploit•added 2022/12/27 12:0 a.m.•464 views

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS0.8AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/27 12:0 a.m.•12 views

Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS

5.4CVSS1.6AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/27 12:0 a.m.•502 views

WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode

5.4CVSS1.6AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/27 12:0 a.m.•30 views

Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...

5.4CVSS4.1AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/27 12:0 a.m.•518 views

Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

5.4CVSS0.7AI score0.00471EPSS

Exploits2

wpexploit•added 2022/12/27 12:0 a.m.•487 views

Search & Filter < 1.2.16 - Contributor+ Stored XSS

5.4CVSS0.7AI score0.00471EPSS

Exploits2

wpexploit•added 2022/12/27 12:0 a.m.•428 views

Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...

5.4CVSS2.1AI score0.00471EPSS

Exploits2

wpexploit•added 2022/12/24 12:0 a.m.•146 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

5.4CVSS1AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/24 12:0 a.m.•11 views

Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

5.4CVSS1.9AI score0.00471EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/24 12:0 a.m.•34 views

Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

5.4CVSS3.3AI score0.00471EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/24 12:0 a.m.•146 views

Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

5.4CVSS1.6AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/23 12:0 a.m.•39 views

Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;"...

5.4CVSS3.7AI score0.00393EPSS

Exploits1Affected Software1

wpexploit•added 2022/12/23 12:0 a.m.•107 views

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the shortcode...

5.4CVSS0.9AI score0.00471EPSS

Exploits2

WPVulnDB•added 2022/12/23 12:0 a.m.•28 views

Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack. PoC 1. Add a product item to the plugin. The item name, for example, "first". You will also use this in the...

5.4CVSS3AI score0.00471EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/23 12:0 a.m.•17 views

ConvertKit < 2.0.5 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. PoC...

5.4CVSS2.7AI score0.00534EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/23 12:0 a.m.•104 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

5.4CVSS0.5AI score0.00534EPSS

Exploits2

WPVulnDB•added 2022/12/23 12:0 a.m.•25 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

5.4CVSS2.1AI score0.00534EPSS

Exploits2Affected Software1

WPVulnDB•added 2022/12/23 12:0 a.m.•12 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

5.4CVSS1.7AI score0.00534EPSS

Exploits2Affected Software1

wpexploit•added 2022/12/23 12:0 a.m.•500 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

5.4CVSS0.7AI score0.00534EPSS

Exploits2

wpexploit•added 2022/12/23 12:0 a.m.•399 views

Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wpreusablerender id='2' ajax='true' height='100px;width:100px;background:red;" onmouseover="alert1"'...

5.4CVSS1.7AI score0.00393EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by