Export limit exceeded: 347143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25606 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2025-02-20 | 4.8 Medium |
| Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters &download_path, &download_path_url, &download_page_url, &download_categories. | ||||
| CVE-2022-25610 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-02-20 | 3.4 Low |
| Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit. | ||||
| CVE-2022-25611 | 1 Presstigers | 1 Simple Event Planner | 2025-02-20 | 4.1 Medium |
| Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | ||||
| CVE-2022-25612 | 1 Presstigers | 1 Simple Event Planner | 2025-02-20 | 4.1 Medium |
| Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | ||||
| CVE-2022-25618 | 1 Tms-outsource | 1 Wpdatatables Lite | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | ||||
| CVE-2021-36851 | 1 Web-settler | 1 Testimonial Slider | 2025-02-20 | 4.1 Medium |
| Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. | ||||
| CVE-2021-36910 | 1 Wp-appbox Project | 1 Wp-appbox | 2025-02-20 | 3.4 Low |
| Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | ||||
| CVE-2021-36848 | 1 Sharethis | 1 Social Media Feather | 2025-02-20 | 3.4 Low |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | ||||
| CVE-2021-36896 | 1 W3eden | 1 Pricing Table | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | ||||
| CVE-2021-36846 | 1 Premio | 1 Chaty | 2025-02-20 | 4.8 Medium |
| Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | ||||
| CVE-2021-36893 | 1 Wpdarko | 1 Responsive Tabs | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 | ||||
| CVE-2022-27845 | 1 Plausible | 1 Plausible Analytics | 2025-02-20 | 4.8 Medium |
| Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 | ||||
| CVE-2021-36914 | 1 Claderaform | 1 Calderawp License Manager | 2025-02-20 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | ||||
| CVE-2022-27848 | 1 Webnus | 1 Modern Events Calendar Lite | 2025-02-20 | 3.4 Low |
| Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1 | ||||
| CVE-2022-27853 | 1 Contest-gallery | 1 Contest Gallery | 2025-02-20 | 4.8 Medium |
| Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 | ||||
| CVE-2022-29418 | 1 Night Mode Project | 1 Night Mode | 2025-02-20 | 4.8 Medium |
| Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | ||||
| CVE-2021-36867 | 1 Psychological Tests \& Quizzes Project | 1 Psychological Tests \& Quizzes | 2025-02-20 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. | ||||
| CVE-2021-36895 | 1 Tripetto | 1 Tripetto | 2025-02-20 | 4.7 Medium |
| Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. | ||||
| CVE-2022-27854 | 1 Psychological Tests \& Quizzes Project | 1 Psychological Tests \& Quizzes | 2025-02-20 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher role via &wpt_test_page_submit_button_caption parameter. | ||||
| CVE-2022-27860 | 1 Footer-text Project | 1 Footer-text | 2025-02-20 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress. | ||||