5210 matches found

Cvelist
added 2023/06/09 5:33 a.m. | 26 views

CVE-2023-2402 Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.13 - Reflected Cross-Site Scripting

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 | AI score 6.2 | EPSS 0.00433
Exploits: 0 | References: 2

Cvelist
added 2023/06/09 5:33 a.m. | 31 views

CVE-2023-1917 PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 5.4 | AI score 5.2 | EPSS 0.00529
Exploits: 1 | References: 5

Vulnrichment
added 2023/06/09 5:33 a.m. | 15 views

CVE-2023-0992 Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

CVSS 7.2 | AI score 6.8 | EPSS 0.93046
Exploits: 2 | References: 4

WPVulnDB
added 2023/06/09 12:0 a.m. | 18 views

WP Mail Catcher < 2.1.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not adequately sanitize input or escape output in the email subject, which could lead to the injection of arbitrary web scripts...

CVSS 7.2 | AI score 6.6 | EPSS 0.00466
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/06/07 2:15 a.m. | 16 views

CVE-2021-4378

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject...

CVSS 6.4 | AI score 5.7 | EPSS 0.00492
Exploits: 1 | References: 2

NVD
added 2023/06/07 2:15 a.m. | 17 views

CVE-2020-36722

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser...

CVSS 5.5 | AI score 5.2 | EPSS 0.00728
Exploits: 1 | References: 4

NVD
added 2023/06/07 2:15 a.m. | 10 views

CVE-2020-36709

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...

CVSS 5.5 | AI score 5.1 | EPSS 0.00642
Exploits: 1 | References: 3

NVD
added 2023/06/07 2:15 a.m. | 14 views

CVE-2020-36715

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...

CVSS 7.4 | AI score 7.2 | EPSS 0.00697
Exploits: 1 | References: 3

NVD
added 2023/06/07 2:15 a.m. | 13 views

CVE-2019-25146

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.2 | AI score 6.2 | EPSS 0.00803
Exploits: 1 | References: 5

Prion
added 2023/06/07 2:15 a.m. | 17 views

Cross site scripting

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'savecontentfront' function that uses print_r on the user-supplied $_REQUEST values. This makes ...

CVSS 5.8 | AI score 6 | EPSS 0.0075
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2023/06/07 2:15 a.m. | 15 views

Cross site scripting

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including, 2.9.7. This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execut...

CVSS 4.9 | AI score 5 | EPSS 0.0048
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2023/06/07 2:15 a.m. | 19 views

Authorization

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...

CVSS 4.9 | AI score 4.8 | EPSS 0.00697
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2023/06/07 2:15 a.m. | 10 views

Cross site scripting

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser...

CVSS 4.3 | AI score 4.9 | EPSS 0.00728
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2023/06/07 2:15 a.m. | 11 views

Cross site scripting

The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logowidth, logoheight, rcsplogourl, homeseclinktxt, rcspheadline and rcspdescription parameters in versions up to, and including, 1.8.1 due to insufficient input sanitizatio...

CVSS 5.8 | AI score 5.8 | EPSS 0.00766
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2023/06/07 2:15 a.m. | 12 views

Cross site scripting

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 5.8 | AI score 5.8 | EPSS 0.00803
Exploits: 1 | References: 5 | Affected Software: 1

Prion
added 2023/06/07 2:15 a.m. | 8 views

Cross site scripting

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the floimportformsoptions AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing...

CVSS 4.9 | AI score 5.1 | EPSS 0.0067
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2023/06/07 1:51 a.m. | 26 views

CVE-2021-4378 WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject...

CVSS 6.4 | AI score 5.9 | EPSS 0.00492
Exploits: 1 | References: 2

Vulnrichment
added 2023/06/07 1:51 a.m. | 8 views

CVE-2020-36722 Visual Composer <= 26.0 - Multiple Cross-Site Scripting

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser...

CVSS 5.5 | AI score 6.1 | EPSS 0.00728
Exploits: 1 | References: 4

Cvelist
added 2023/06/07 1:51 a.m. | 20 views

CVE-2020-36722 Visual Composer <= 26.0 - Multiple Cross-Site Scripting

The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser...

CVSS 5.5 | AI score 5.3 | EPSS 0.00728
Exploits: 1 | References: 4

Cvelist
added 2023/06/07 1:51 a.m. | 24 views

CVE-2019-25147 Pretty Links <= 2.1.9 - Unauthenticated Stored Cross-Site Scripting via track_link

The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for...

CVSS 7.2 | AI score 6.3 | EPSS 0.00749
Exploits: 1 | References: 3