Lucene search
K

141 matches found

Prion
Prion
added 2023/02/13 3:15 p.m.15 views

Cross site scripting

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

4.9CVSS5.3AI score0.0054EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/02/13 2:32 p.m.71 views

CVE-2022-4562

CVE-2022-4562 affects the Meks Flexible Shortcodes WordPress plugin prior to 1.3.5. The root cause is failure to validate and escape certain shortcode attributes in output, enabling Stored XSS when exploited by users with as low as Contributor; admins and high-privilege users are at risk. Multipl...

5.4CVSS5.3AI score0.0054EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.7 views

CVE-2022-4562 Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

5.3AI score0.0054EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.5 views

WordPress plugin Meks Flexible Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.0054EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.25 views

Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS5AI score0.0054EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.380 views

Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

5.4CVSS5.1AI score0.0054EPSS
Exploits2
Patchstack
Patchstack
added 2023/01/17 12:0 a.m.10 views

WordPress Meks Flexible Shortcodes Plugin < 1.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Meks Flexible Shortcodes Type Plugin Vulnerable versions 1.3.5 Fixed in 1.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4562 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8b8d54e4673c Credits Lana Codes...

5.4CVSS5.6AI score0.0054EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2022/10/17 12:15 p.m.16 views

CVE-2022-2574

The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00532EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/10/17 12:0 a.m.3 views

WordPress Plugin Meks Easy Social Share 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.8CVSS5AI score0.00532EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.5 views

PT-2022-17484 · WordPress · Meks Easy Social Share

Name of the Vulnerable Software and Affected Versions: Meks Easy Social Share WordPress plugin versions prior to 1.2.8 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS4.6AI score0.00532EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.11 views

CVE-2022-2574 Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting

The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.00532EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.18 views

CVE-2022-2574 Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting

The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00532EPSS
Exploits2References1
CVE
CVE
added 2022/10/17 12:0 a.m.59 views

CVE-2022-2574

Summary: CVE-2022-2574 affects the WordPress plugin Meks Easy Social Share (versions before 1.2.8). The root cause is inadequate sanitisation/escaping of plugin settings, enabling stored XSS by high-privilege users (e.g., admins), potentially in multisite environments where unfiltered_html is dis...

4.8CVSS4.7AI score0.00532EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/09/26 12:0 a.m.18 views

WordPress Meks Easy Social Share plugin <= 1.2.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Meks Easy Social Share plugin versions = 1.2.7. Solution Update the WordPress Meks Easy Social Share plugin to the latest available version at least 1.2.8...

4.8CVSS2.8AI score0.00532EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/09/26 12:0 a.m.122 views

Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Intercept the request made when saving the setting...

4.8CVSS4.7AI score0.00532EPSS
Exploits2
CNVD
CNVD
added 2022/03/16 12:0 a.m.25 views

WordPress Meks Easy Photo Feed Widget Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Meks Easy Photo Feed Widget has a cross-site scripting vulnerability that can be exploited by any...

5.4CVSS1.7AI score0.00591EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/03/14 2:41 p.m.16 views

CVE-2021-24958 Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS

The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could...

5.5AI score0.00591EPSS
Exploits2References1
CVE
CVE
added 2022/03/14 2:41 p.m.85 views

CVE-2021-24958

CVE-2021-24958 affects the Meks Easy Photo Feed Widget WordPress plugin prior to version 1.2.4. Root cause: the meks_save_business_selected_account AJAX action lacks capability and CSRF checks and does not escape some settings, making it accessible to any authenticated user. Impact: any authentic...

5.4CVSS5.2AI score0.00591EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.5 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Meks Easy Photo Feed Widget has a cross-site scripting vulnerability that can be exploited by any...

5.4CVSS5.3AI score0.00591EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/11/10 12:0 a.m.13 views

Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS

The plugin does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site...

0.2AI score0.00591EPSS
Exploits2Affected Software1
Rows per page
Query Builder