Lucene search
K

155 matches found

CVE
CVE
added 2023/08/16 9:48 a.m.43 views

CVE-2023-30785

CVE-2023-30785 affects the WordPress Video Grid plugin by I Thirteen Web Solution. Versions

7.1CVSS6AI score0.00379EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/16 9:48 a.m.9 views

CVE-2023-30785 WordPress Video Grid Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Video Grid plugin = 1.21 versions...

7.1CVSS5.8AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.5 views

PT-2023-22978 · I Thirteen Web Solution · I Thirteen Web Solution Video Gallery Plugin

Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution Video Grid plugin versions 1.21 and earlier Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially...

7.1CVSS6.3AI score0.00379EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/07/25 1:44 p.m.14 views

CVE-2023-36385 WordPress PostX plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 2.9.9...

7.1CVSS6.8AI score0.00402EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/12 6:52 a.m.10 views

CVE-2021-4423 RAYS Grid <= 1.2.2 - Cross-Site Request Forgery Bypass

The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgdinsertupdate function. This makes it possible for unauthenticated attackers to update post fields via a forged...

4.3CVSS5.8AI score0.0039EPSS
Exploits0References9
Cvelist
Cvelist
added 2023/07/12 6:52 a.m.23 views

CVE-2021-4423 RAYS Grid <= 1.2.2 - Cross-Site Request Forgery Bypass

The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgdinsertupdate function. This makes it possible for unauthenticated attackers to update post fields via a forged...

4.3CVSS4.6AI score0.0039EPSS
Exploits0References9
Prion
Prion
added 2023/05/23 2:15 p.m.12 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in RadiusTheme The Post Grid plugin = 5.0.4 versions...

6.8CVSS8.7AI score0.00256EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/23 1:12 p.m.9 views

CVE-2022-46853 WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in RadiusTheme The Post Grid plugin = 5.0.4 versions...

4.3CVSS7AI score0.00256EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/04/18 12:0 a.m.11 views

WordPress Video Grid Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)

Software Video Grid Type Plugin Vulnerable versions = 1.21 Fixed in 1.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30785 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b4d82d8cb320 Credits yuyudhn Required privile...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/23 12:0 a.m.9 views

The Post Grid <= 5.0.4 - Settings Update via CSRF

The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged-in admins perform such action via a CSRF attack...

8.8CVSS6.7AI score0.00256EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/30 12:0 a.m.6 views

PT-2023-16011 · WordPress · Post Grid

Name of the Vulnerable Software and Affected Versions: The Post Grid, Post Carousel, & List Category Posts WordPress plugin versions prior to 2.4.19 Description: The issue concerns a lack of validation and escaping of certain block options in the plugin, which could allow users with the contribut...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References4
vulnersOsv
vulnersOsv
added 2022/05/14 12:54 a.m.10 views

com.amashchenko.struts2.actionflow:struts2-actionflow-plugin (=2.4.0), com.amashchenko.struts2.actionflow:struts2-actionflow-showcase (=2.4.0) +68 more potentially affected by CVE-2016-3087 via org.apache.struts:struts2-core (>=2.3.1.1 <=2.3.20.1)

org.apache.struts:struts2-core MAVEN version =2.3.1.1, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.1.0, =1.1.0, =2.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-grid-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-mobile-plugin...

9.8CVSS7.2AI score0.81087EPSS
Exploits4
CNVD
CNVD
added 2022/04/13 12:0 a.m.11 views

Wordpress Post Grid plugin跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Post Grid plugin version 2.1.16 previously had a cross-site scripting vulnerability that could be exploited by attackers to...

2.1AI score
Exploits0Affected Software1
CNVD
CNVD
added 2022/04/13 12:0 a.m.12 views

Wordpress Post Grid plugin cross-site scripting vulnerability (CNVD-2022-44253)

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin Post Grid plugin version prior to 2.1....

2AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.7 views

CVE-2022-0447

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...

6.4CVSS6.5AI score0.00632EPSS
Exploits2References2
OSV
OSV
added 2022/04/11 3:15 p.m.4 views

CVE-2021-24986

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form...

6.1CVSS6.4AI score0.00788EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/04/11 2:40 p.m.24 views

CVE-2022-0447 Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00632EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.25 views

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Harshit aka fumenoid and Sidhhant Chouhan aka sidchn in WordPress Image Photo Gallery Final Tiles Grid plugin versions = 3.5.2. Solution Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version at...

5.4CVSS1.2AI score0.00595EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.4 views

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin PostX, which stems from the PostX - Gutenberg Blocks for Post Grid WordPress plugin prior to 2.4.10 allows users with roles as low as Contributor to execute a...

5.4CVSS5.6AI score0.0053EPSS
Exploits1References2
Patchstack
Patchstack
added 2021/08/26 12:0 a.m.15 views

WordPress PostX – Gutenberg Blocks for Post Grid plugin <= 2.4.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress PostX – Gutenberg Blocks for Post Grid plugin versions = 2.4.9. Solution Update the WordPress PostX – Gutenberg Blocks for Post Grid plugin to the latest available version at least 2.4.10...

5.4CVSS1.6AI score0.00517EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder