CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

EUVD•added 2025/10/03 8:7 p.m.•6 views

EUVD-2022-35162

Malicious code in bioql PyPI...

5.5CVSS5.2AI score0.06946EPSS

Exploits6References5

RedhatCVE•added 2025/05/23 4:32 a.m.•4 views

CVE-2023-5560

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...

6.1CVSS6.2AI score0.00576EPSS

Exploits2

RedhatCVE•added 2025/05/23 1:8 a.m.•7 views

CVE-2022-2941

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...

5.5CVSS6.2AI score0.06946EPSS

Exploits6References1

RedhatCVE•added 2025/05/22 10:59 p.m.•4 views

CVE-2022-2473

The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

5.5CVSS5.8AI score0.00988EPSS

Exploits1References1

0day.today•added 2024/06/14 12:0 a.m.•194 views

WP-UserOnline 2.88.0 - Stored Cross Site Scripting (Authenticated) Vulnerability

Exploit Title: WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Authenticated Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: Onur Göğebakan Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.6AI score0.06946EPSS

Exploits6

Vulnrichment•added 2023/11/27 4:22 p.m.•6 views

CVE-2023-5560 WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS

6.2AI score0.00576EPSS

Exploits2References1

CVE•added 2023/11/27 4:22 p.m.•48 views

CVE-2023-5560

The CVE-2023-5560 entry concerns the WP-UserOnline WordPress plugin (versions prior to 2.88.3). The root cause is failure to sanitize and escape the X-Forwarded-For header when its content is output on a page, enabling unauthenticated users to perform a Stored Cross-Site Scripting (XSS) attack. D...

6.1CVSS6.1AI score0.00576EPSS

Exploits2References1Affected Software1

CNNVD•added 2023/11/27 12:0 a.m.•2 views

WordPress plugin WP-UserOnline security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...

6.1CVSS6.2AI score0.00576EPSS

Exploits2References1

Positive Technologies•added 2023/11/27 12:0 a.m.•3 views

PT-2023-32176 · WordPress · Wp-Useronline

Name of the Vulnerable Software and Affected Versions: WP-UserOnline WordPress plugin versions prior to 2.88.3 Description: The issue allows unauthenticated users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the X-Forwarded-For header before its content ...

6.1CVSS6.1AI score0.00576EPSS

Exploits2References3

Packet Storm•added 2022/09/23 12:0 a.m.•340 views

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.3AI score0.06946EPSS

Exploits6

0day.today•added 2022/09/23 12:0 a.m.•385 views

Wordpress WP-UserOnline 2.88.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

5.5CVSS5.3AI score0.06946EPSS

Exploits6

NVD•added 2022/09/06 6:15 p.m.•11 views

CVE-2022-2473

5.5CVSS0.00988EPSS

Exploits1References8

Prion•added 2022/09/06 6:15 p.m.•9 views

Cross site scripting

4.3CVSS4.7AI score0.00988EPSS

Exploits1References8Affected Software1

Vulnrichment•added 2022/09/06 5:19 p.m.•13 views

CVE-2022-2941 WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5CVSS6.1AI score0.06946EPSS

Exploits6References5

CVE•added 2022/09/06 5:19 p.m.•70 views

CVE-2022-2941

The WP-UserOnline WordPress plugin (versions up to 2.88.0) contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities due to improper sanitization/escaping in the Naming Conventions inputs. This flaw can be exploited by authenticated attackers with administrative privileges to inject Jav...

5.5CVSS5AI score0.06946EPSS

Exploits6References5Affected Software1

Vulnrichment•added 2022/09/06 5:18 p.m.•4 views

CVE-2022-2473 WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5CVSS6.1AI score0.00988EPSS

Exploits1References8

CVE•added 2022/09/06 5:18 p.m.•60 views

CVE-2022-2473

The WP-UserOnline WordPress plugin (versions up to and including 2.87.6) is affected by a Stored Cross-Site Scripting vulnerability in the templates[browsingpage][text] parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access with administra...

5.5CVSS4.6AI score0.00988EPSS

Exploits1References8Affected Software1

Positive Technologies•added 2022/09/06 12:0 a.m.•2 views

PT-2022-16836 · WordPress · Wp-Useronline

Name of the Vulnerable Software and Affected Versions: WP-UserOnline plugin for WordPress versions up to, and including, 2.87.6 Description: The issue is related to Stored Cross-Site Scripting via the templatesbrowsingpagetext parameter due to insufficient input sanitization and output escaping...

5.5CVSS4.8AI score0.00988EPSS

Exploits1References11

Packet Storm•added 2022/07/29 12:0 a.m.•219 views

WordPress WP-UserOnline 2.87.6 Cross Site Scripting

Exploit Title: WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting XSS Date: 21/07/2022 Exploit Author: Steffin Stanly Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link: https://wordpress.org/plugins/wp-useronline/ Version: WP-UserOnline and enter the data...

7.4AI score

Exploits0

Exploit DB•added 2022/07/29 12:0 a.m.•396 views

WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting (XSS)

7AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by