Search Results (366763 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-23891 1 Oceanwp 1 Ocean Extra 2025-01-10 5.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated.
CVE-2023-25062 1 Pinpoint 1 Pinpoint Booking System 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.
CVE-2023-25059 1 Avalex 1 Avalex 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.
CVE-2023-24398 1 Snapcreek 1 Ezp Coming Soon Page 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.
CVE-2025-0211 1 Campcodes 1 School Faculty Scheduling System 2025-01-10 6.3 Medium
A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-33189 1 Pomerium 1 Pomerium 2025-01-10 10 Critical
Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
CVE-2023-25022 1 Kibokolabs 1 Watu Quiz 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.
CVE-2023-25027 1 Kibokolabs 1 Chained Quiz 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.
CVE-2023-33191 1 Nirmata 1 Kyverno 2025-01-10 4.6 Medium
Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.
CVE-2023-33955 1 Minio 1 Console 2025-01-10 4.3 Medium
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.
CVE-2023-25024 1 Icegram 1 Icegram Collect 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions.
CVE-2023-25031 1 Kibokolabs 1 Arigato Autoresponder And Newsletter 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.
CVE-2023-25020 1 Kibokolabs 1 Arigato Autoresponder And Newsletter 2025-01-10 7.1 High
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
CVE-2023-25041 1 Cththemes 1 Monolit 2025-01-10 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.
CVE-2023-28993 1 Albo Pretorio On Line Project 1 Albo Pretorio On Line 2025-01-10 7.1 High
Unauth.  Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions.
CVE-2023-23885 1 Fullworksplugins 1 Quick Contact Form 2025-01-10 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
CVE-2023-23994 1 Auto Hide Admin Bar Project 1 Auto Hide Admin Bar 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.
CVE-2023-25464 1 Streamweasels 1 Twitch Player 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.
CVE-2023-25711 1 Wpglobus 1 Wpglobus Translate Options 2025-01-10 5.8 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.
CVE-2023-25702 1 Fullworksplugins 1 Quick Paypal Payments 2025-01-10 5.9 Medium
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.