5210 matches found

Vulnrichment
added 2023/11/20 2:34 p.m., 8 views

CVE-2023-6197

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...

CVSS 5.4, AI score 6.4, EPSS 0.00131
Exploits: 0, References: 2

0day.today
added 2023/11/20 12:0 a.m., 435 views

GaatiTrack Courier Management System 1.0 Cross Site Scripting Vulnerability

Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting
Exploit Author: BugsBD Security Researcher Rahad Chowdhury
Vendor Homepage: https://www.mayurik.com/
Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

CVSS 6.1, AI score 6.3, EPSS 0.00106
Exploits: 3

Prion
added 2023/11/15 1:15 p.m., 15 views

Cross site scripting

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'courseid' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 5.8, AI score 6.6, EPSS 0.00792
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2023/11/15 7:15 a.m., 15 views

CVE-2023-4889

The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4, EPSS 0.00102
Exploits: 0, References: 2

NVD
added 2023/11/13 8:15 a.m., 9 views

CVE-2023-5741

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.00118
Exploits: 0, References: 4

WPVulnDB
added 2023/11/13 12:0 a.m., 17 views

Simply Excerpts <= 1.4 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: Put the following...

CVSS 4.8, AI score 6.8, EPSS 0.00188
Exploits: 2

NVD
added 2023/11/07 12:15 p.m., 12 views

CVE-2023-5703

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 6.4, EPSS 0.00122
Exploits: 1, References: 4

OSV
added 2023/11/07 12:15 p.m., 13 views

CVE-2023-5660

The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4, AI score 5.7
Exploits: 0, References: 2

Prion
added 2023/11/07 12:15 p.m., 13 views

Cross site scripting

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 4.9, AI score 5.9, EPSS 0.00109
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2023/11/07 12:15 p.m., 10 views

Cross site scripting

The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 4.9, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 5, Affected Software: 1

Prion
added 2023/11/07 12:15 p.m., 12 views

Cross site scripting

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 4.9, AI score 5.9, EPSS 0.00122
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2023/11/07 11:31 a.m., 20 views

CVE-2023-5567 QR Code Tag <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4, AI score 6, EPSS 0.00165
Exploits: 0, References: 2

Cvelist
added 2023/11/07 11:31 a.m., 14 views

CVE-2023-5661 Social Feed <= 1.5.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 5.8, EPSS 0.00109
Exploits: 1, References: 2

Vulnrichment
added 2023/11/07 11:31 a.m., 4 views

CVE-2023-5703 Gift Up Gift Cards for WordPress and WooCommerce <= 2.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 6.4, AI score 6.8, EPSS 0.00122
Exploits: 1, References: 4

NVD
added 2023/11/07 11:15 a.m., 7 views

CVE-2023-5507

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4, EPSS 0.00165
Exploits: 0, References: 2

Prion
added 2023/11/07 11:15 a.m., 19 views

Cross site scripting

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 4.9, AI score 5.9, EPSS 0.00165
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/11/07 7:33 a.m., 5 views

CVE-2023-5076 Ziteboard Online Whiteboard <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode

The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4, AI score 6.8, EPSS 0.00208
Exploits: 0, References: 2

Prion
added 2023/11/03 2:15 p.m., 15 views

Cross site scripting

The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'currentgroupid' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

CVSS 5.8, AI score 6.4, EPSS 0.0071
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2023/11/03 1:15 p.m., 15 views

Cross site scripting

The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 4.9, AI score 5.6, EPSS 0.00079
Exploits: 1, References: 4, Affected Software: 1

WPVulnDB
added 2023/11/03 12:0 a.m., 12 views

FareHarbor < 3.6.8 - Contributor+ Stored Cross-Site Scripting

Description: The plugin does not adequately sanitize input or escape output on user-supplied attributes, leading to the possibility of Stored Cross-Site Scripting via shortcodes. This issue arises when authenticated users with contributor-level or higher permissions inject arbitrary web scripts in...

CVSS 6.4, AI score 5.7, EPSS 0.00118
Exploits: 0, References: 1, Affected Software: 1