5210 matches found

Cvelist
added 2023/06/07 1:51 a.m. | 20 views

CVE-2019-25146 DELUCKS SEO < 2.1.8 - Stored Cross Site Scripting

The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 7.2 | AI score 6.2 | EPSS 0.00803
Exploits 1 | References 5
Cvelist
added 2023/06/07 1:51 a.m. | 19 views

CVE-2020-36715 Login/Signup Popup < 1.5 - Missing Authorization

The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute i...

CVSS 7.4 | AI score 7.2 | EPSS 0.00697
Exploits 1 | References 3
Vulnrichment
added 2023/06/07 1:51 a.m. | 10 views

CVE-2021-4363 WP Quick FrontEnd Editor <= 5.5 - Reflected Cross-Site Scripting

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'savecontentfront' function that uses print_r on the user-supplied $_REQUEST values. This makes ...

CVSS 6.1 | AI score 6.6 | EPSS 0.0075
Exploits 1 | References 3
Vulnrichment
added 2023/06/07 1:51 a.m. | 9 views

CVE-2019-25140 Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting

The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logowidth, logoheight, rcsplogourl, homeseclinktxt, rcspheadline and rcspdescription parameters in versions up to, and including, 1.8.1 due to insufficient input sanitizatio...

CVSS 7.2 | AI score 6.5 | EPSS 0.00766
Exploits 1 | References 4
Cvelist
added 2023/06/07 1:51 a.m. | 15 views

CVE-2021-4358 WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 | AI score 6.4 | EPSS 0.00786
Exploits 1 | References 3
Vulnrichment
added 2023/06/07 1:51 a.m. | 13 views

CVE-2020-36711 Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...

CVSS 6.4 | AI score 6.3 | EPSS 0.00648
Exploits 1 | References 3
Cvelist
added 2023/06/07 1:51 a.m. | 16 views

CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting

The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including, 2.9.7. This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execut...

CVSS 6.4 | AI score 5.7 | EPSS 0.0048
Exploits 1 | References 2
NVD
added 2023/06/03 5:15 a.m. | 18 views

CVE-2023-2300

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts...

CVSS 6.4 | AI score 5.7 | EPSS 0.0051
Exploits 1 | References 4
NVD
added 2023/06/03 5:15 a.m. | 15 views

CVE-2023-2298

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'businessid' parameter in versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 | AI score 6.3 | EPSS 0.00607
Exploits 1 | References 5
Prion
added 2023/06/03 5:15 a.m. | 13 views

Cross site scripting

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts...

CVSS 4.9 | AI score 5 | EPSS 0.0051
Exploits 1 | References 3 | Affected Software 1
Prion
added 2023/06/03 12:15 a.m. | 15 views

Cross site scripting

The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azhpost' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web...

CVSS 4.9 | AI score 5.2 | EPSS 0.0048
Exploits 0 | References 3 | Affected Software 1
WPVulnDB
added 2023/06/03 12:00 a.m. | 11 views

Don8 <= 0.4 - Admin+ Stored XSS

The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 5.9 | AI score 6.6 | EPSS 0.00369
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2023/06/02 11:37 p.m. | 20 views

CVE-2023-3051 Page Builder by AZEXO <= 1.27.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azhpost' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web...

CVSS 6.4 | AI score 6 | EPSS 0.0048
Exploits 0 | References 3
NVD
added 2023/06/02 7:15 a.m. | 24 views

CVE-2023-2835

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6 | EPSS 0.00728
Exploits 1 | References 3
Prion
added 2023/06/02 7:15 a.m. | 12 views

Cross site scripting

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

CVSS 4.3 | AI score 4.7 | EPSS 0.00373
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/06/02 6:06 a.m. | 21 views

CVE-2023-1159

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary...

CVSS 4 | AI score 5 | EPSS 0.00373
Exploits 0 | References 2
Vulnrichment
added 2023/06/02 6:06 a.m. | 7 views

CVE-2023-2835 WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search'

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 7 | EPSS 0.00728
Exploits 1 | References 3
Cvelist
added 2023/06/02 6:06 a.m. | 30 views

CVE-2023-2835 WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search'

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 6.2 | EPSS 0.00728
Exploits 1 | References 3
WPVulnDB
added 2023/06/02 12:00 a.m. | 22 views

Online Booking & Scheduling Calendar for WordPress by vcita < 4.3.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitize and escape the businessid parameter of an unprotected REST route endpoint before rendering it back in pages on the website, allowing an unauthenticated attacker to inject arbitrary web scripts, which could target authenticated users such as administrators. PoC curl...

CVSS 7.2 | AI score 6.7 | EPSS 0.00607
Exploits 1 | References 1 | Affected Software 1
WPVulnDB
added 2023/06/02 12:00 a.m. | 13 views

Contact Form Builder by vcita < 4.10.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the email parameter in the plugin settings, which could allow users with roles as low as contributor to inject arbitrary web scripts targeting higher privileged users, such as administrators, into the plugin settings. PoC...

CVSS 6.4 | AI score 5.9 | EPSS 0.0051
Exploits 1 | References 2 | Affected Software 1