5210 matches found

Vulnrichment
added 2023/11/20 2:34 p.m. | 8 views

CVE-2023-6197

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...

CVSS 5.4 | AI score 6.4 | EPSS 0.00218
Exploits: 0 | References: 2

0day.today
added 2023/11/20 12:0 a.m. | 438 views

GaatiTrack Courier Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting
Exploit Author: BugsBD Security Researcher Rahad Chowdhury
Vendor Homepage: https://www.mayurik.com/
Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

CVSS 6.1 | AI score 6.3 | EPSS 0.00615
Exploits: 3

Prion
added 2023/11/15 1:15 p.m. | 16 views

Cross site scripting

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'courseid' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 5.8 | AI score 6.6 | EPSS 0.00667
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2023/11/15 7:15 a.m. | 28 views

CVE-2023-4889

The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | EPSS 0.00434
Exploits: 0 | References: 2

NVD
added 2023/11/13 8:15 a.m. | 9 views

CVE-2023-5741

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00557
Exploits: 0 | References: 4

WPVulnDB
added 2023/11/13 12:0 a.m. | 17 views

Simply Excerpts <= 1.4 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Put the following...

CVSS 4.8 | AI score 6.8 | EPSS 0.00424
Exploits: 2

OSV
added 2023/11/07 12:15 p.m. | 14 views

CVE-2023-5660

The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 2

NVD
added 2023/11/07 12:15 p.m. | 13 views

CVE-2023-5703

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 6.4 | EPSS 0.0059
Exploits: 1 | References: 4

Prion
added 2023/11/07 12:15 p.m. | 14 views

Cross site scripting

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 4.9 | AI score 5.9 | EPSS 0.00467
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2023/11/07 12:15 p.m. | 10 views

Cross site scripting

The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 4.9 | AI score 5.8 | EPSS 0.00566
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2023/11/07 12:15 p.m. | 12 views

Cross site scripting

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 4.9 | AI score 5.9 | EPSS 0.0059
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2023/11/07 11:31 a.m. | 25 views

CVE-2023-5567 QR Code Tag <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 6 | EPSS 0.00434
Exploits: 0 | References: 2

Cvelist
added 2023/11/07 11:31 a.m. | 19 views

CVE-2023-5661 Social Feed <= 1.5.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.8 | EPSS 0.00467
Exploits: 1 | References: 2

Vulnrichment
added 2023/11/07 11:31 a.m. | 4 views

CVE-2023-5703 Gift Up Gift Cards for WordPress and WooCommerce <= 2.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 6.4 | AI score 6.8 | EPSS 0.0059
Exploits: 1 | References: 4

NVD
added 2023/11/07 11:15 a.m. | 15 views

CVE-2023-5507

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | EPSS 0.00434
Exploits: 0 | References: 2

Prion
added 2023/11/07 11:15 a.m. | 19 views

Cross site scripting

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 4.9 | AI score 5.9 | EPSS 0.00434
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/11/07 7:33 a.m. | 5 views

CVE-2023-5076 Ziteboard Online Whiteboard <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode

The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 6.8 | EPSS 0.00434
Exploits: 0 | References: 2

Prion
added 2023/11/03 2:15 p.m. | 15 views

Cross site scripting

The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'currentgroupid' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 5.8 | AI score 6.4 | EPSS 0.00374
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2023/11/03 1:15 p.m. | 15 views

Cross site scripting

The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 4.9 | AI score 5.6 | EPSS 0.00532
Exploits: 1 | References: 4 | Affected Software: 1

WPVulnDB
added 2023/11/03 12:0 a.m. | 16 views

idbbee <= 1.0 - Contributor+ Stored Cross-Site Scripting

Description: The plugin does not adequately sanitize and escape user supplied attributes in the 'idbbee' shortcode. This can lead to injection of arbitrary web scripts that execute whenever a user accesses an injected page...

CVSS 5.4 | AI score 7.4 | EPSS 0.00378
Exploits: 1 | References: 1