Lucene search

K

WP Page Widget (WordPress Plugin) Security Vulnerabilities

cve
cve

CVE-2024-4208

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-15 03:15 AM
6
cve
cve

CVE-2024-33636

Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through...

5.4CVSS

6.8AI Score

0.0004EPSS

2024-04-29 09:15 AM
25
cve
cve

CVE-2024-2949

The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...

6.4CVSS

7.6AI Score

0.0004EPSS

2024-04-06 07:15 AM
30
cve
cve

CVE-2024-2919

The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....

6.4CVSS

6.1AI Score

0.0004EPSS

2024-04-04 03:15 AM
55
cve
cve

CVE-2024-30553

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joby Joseph WP Twitter Mega Fan Box Widget allows Stored XSS.This issue affects WP Twitter Mega Fan Box Widget : from n/a through...

5.9CVSS

9.1AI Score

0.0004EPSS

2024-03-31 08:15 PM
28
cve
cve

CVE-2024-27189

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-15 01:15 PM
35
cve
cve

CVE-2024-1761

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it.....

6.4CVSS

6AI Score

0.0004EPSS

2024-03-07 05:15 AM
25
cve
cve

CVE-2022-4750

The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-21 09:15 AM
16
cve
cve

CVE-2023-0074

The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-30 09:15 PM
25
cve
cve

CVE-2022-32587

Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings...

5.4CVSS

4.6AI Score

0.001EPSS

2022-11-08 07:15 PM
29
2
cve
cve

CVE-2021-24208

The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this....

5.4CVSS

5.3AI Score

0.001EPSS

2021-04-05 07:15 PM
15