Lucene search
K

27 matches found

NVD
NVD
added 2026/06/02 9:16 a.m.17 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 7:48 a.m.14 views

EUVD-2026-33893

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/06/02 7:48 a.m.15 views

CVE-2026-8885

The CVE-2026-8885 entry concerns the WordPress plugin DeMomentSomTres Shortcodes (versions

6.4CVSS6AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.37 views

CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS0.00181EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/01 7:44 p.m.13 views

WordPress DeMomentSomTres Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin DeMomentSomTres Shortcodes versions = 1.1.1...

6.4CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/01/15 4:15 p.m.25 views

CVE-2023-5905

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

8.1CVSS8AI score0.00579EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/15 3:10 p.m.4 views

CVE-2023-5905 DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export

The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...

7.9AI score0.00579EPSS
Exploits2References1
CVE
CVE
added 2024/01/15 3:10 p.m.96 views

CVE-2023-5905

The CVE-2023-5905 issue affects the DeMomentSomTres WordPress Export Posts With Images plugin (up to 20220825). The vulnerability stems from missing authorization checks when exporting blog data, allowing any logged-in user (e.g., subscribers) to export contents of the blog, including restricted ...

8.1CVSS7.9AI score0.00579EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/15 12:0 a.m.10 views

PT-2024-14841 · WordPress · Demomentsomtres Wordpress Export Posts With Images

Name of the Vulnerable Software and Affected Versions: DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 Description: The issue allows any logged-in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as wel...

8.1CVSS7.9AI score0.00579EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/01/15 12:0 a.m.5 views

WordPress Plugin DeMomentSomTres WordPress Export Posts With Images Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin DeMomentSomTres WordPress...

8.1CVSS6.8AI score0.00579EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.11 views

WordPress DeMomentSomTres WordPress Export Posts With Images Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres WordPress Export Posts With Images Type Plugin Vulnerable versions = 2.5 Fixed in 20200610 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 568a0722ed5e Credits...

6AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.8 views

WordPress DeMomentSomTres Subscribe Plugin <= 3.201706150908 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Subscribe Type Plugin Vulnerable versions = 3.201706150908 Fixed in 3.201903272301 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c4ea936848b0 Credits Rafie...

6AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.7 views

WordPress DeMomentSomTres Gravity Forms Improvements Plugin <= 20170425 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Gravity Forms Improvements Type Plugin Vulnerable versions = 20170425 Fixed in 201805021810 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 477dcd7d6435 Credits...

6AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.8 views

WordPress DeMomentSomTres Immediate Send Plugin <= 3.201704251244 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Immediate Send Type Plugin Vulnerable versions = 3.201704251244 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 395b22880d0c Credits Rafie Muhammad...

6AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress DeMomentSomTres Address Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Address Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f5877fb71667 Credits Rafie Muhammad Patchstack...

6.2AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.16 views

WordPress DeMomentSomTres Media Tools Auto Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Media Tools Auto Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e64488cbd744 Credits Rafie Muhammad...

6.2AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress DeMomentSomTres Grid Archive Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)

Software DeMomentSomTres Grid Archive Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID be92652d0948 Credits Rafie Muhammad Patchsta...

6.4AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.5 views

WordPress DeMomentSomTres Classify on Publish plugin <= 201703020805 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DeMomentSomTres Classify on Publish plugin versions = 201703020805. Solution No patched version available...

4.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.8 views

WordPress DeMomentSomTres Grid Archive plugin <= 2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DeMomentSomTres Grid Archive plugin versions = 2.1. Solution No patched version available...

4.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.6 views

WordPress DeMomentSomTres Address plugin <= 2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DeMomentSomTres Address plugin versions = 2.1. Solution No patched version available...

4.4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder