Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-2811 |
Description: The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
|
CVE-2023-2751 |
Description: The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
CVSS: LOW (0.0) EPSS Score: 0.08%
December 12th, 2024 (5 months ago)
|
|
CVE-2023-2684 |
Description: The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
|
CVE-2023-2654 |
Description: The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.07%
December 12th, 2024 (5 months ago)
|
|
CVE-2023-2527 |
Description: The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (5 months ago)
|
|
CVE-2023-2399 |
Description: The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 12th, 2024 (5 months ago)
|
|
CVE-2023-0489 |
Description: The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVSS: LOW (0.0) EPSS Score: 0.06%
December 12th, 2024 (5 months ago)
|
|
CVE-2024-11107 |
Description: The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (5 months ago)
|
|
CVE-2024-10708 |
Description: The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (5 months ago)
|
|
CVE-2024-9651 |
Description: The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (5 months ago)
|