
72 matches found

OSV · added 2023/10/20 8:15 a.m. · 7 views

CVE-2023-4648

The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

CVSS 4.8 · AI score 7.3 · EPSS 0.00303
Exploits 0 · References 2
OSV · added 2023/10/18 8:15 a.m. · 7 views

CVE-2023-5621

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.8 · AI score 5.9 · EPSS 0.004
Exploits 0 · References 3
Vulnrichment · added 2023/04/18 9:36 p.m. · 2 views

CVE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse

Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the SiteSetting class, notably clearcache! and notifychanged!, which when done on a multisite instance, can affect the entire cluster resulting in a...

CVSS 4.2 · AI score 5.1 · EPSS 0.00388
Exploits 0 · References 1
Positive Technologies · added 2023/04/10 12:00 a.m. · 4 views

PT-2023-16771 · WordPress · Simple Giveaways

Name of the Vulnerable Software and Affected Versions: The Simple Giveaways WordPress plugin versions prior to 2.45.1
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...

CVSS 4.8 · AI score 8 · EPSS 0.00446
Exploits 2 · References 5
OSV · added 2022/09/06 6:15 p.m. · 3 views

CVE-2022-2473

The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...

CVSS 4.8 · AI score 6 · EPSS 0.0095
Exploits 1 · References 8
Positive Technologies · added 2022/08/15 12:00 a.m. · 5 views

PT-2022-16060 · WordPress · Wp-Dbmanager

Name of the Vulnerable Software and Affected Versions: WP-DBManager versions prior to 2.80.8
Description: The issue allows administrators to run arbitrary commands on the server in multisite installations, where only super-administrators should have this capability.
Recommendations: For versions...

CVSS 7.2 · AI score 7.1 · EPSS 0.01012
Exploits 2 · References 3
OSV · added 2022/06/27 9:15 a.m. · 4 views

CVE-2022-1321

The miniOrange Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed, for example ...

CVSS 4.8 · AI score 5.8 · EPSS 0.00548
Exploits 2 · References 1
ATTACKERKB · added 2022/06/13 1:15 p.m. · 4 views

CVE-2022-1772

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

CVSS 4.8 · AI score 5.8 · EPSS 0.0071
Exploits 2 · References 2
Vulnrichment · added 2022/01/06 11:00 p.m. · 5 views

CVE-2022-21663 Authenticated Object Injection in Multisites in WordPress

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3...

CVSS 6.6 · AI score 7.3 · EPSS 0.03695
Exploits 1 · References 7
Positive Technologies · added 2022/01/06 12:00 a.m. · 8 views

PT-2022-15017 · WordPress +1 · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.3; WordPress versions prior to 3.7.37
Description: The issue concerns a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin ro...

CVSS 8.8 · AI score 6.7 · EPSS 0.97795
Exploits 15 · References 50
OSV · added 2021/10/21 8:15 p.m. · 4 views

CVE-2021-39356

The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echoed out via the /templates/settings.php file, which allowed attackers with administrative user access to inject arbitrary web...

CVSS 4.8 · AI score 5.9 · EPSS 0.00957
Exploits 1 · References 3
CNNVD · added 2021/10/15 12:00 a.m. · 3 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a security vulnerability that stems from insufficient input validation and cleanup of several parameters found in the /admin/jobsfunction.php file of the job-portal plugin, which is susceptible ...

CVSS 5.5 · AI score 5.2 · EPSS 0.0088
Exploits 1 · References 5