Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:31 a.m.8 views

CVE-2022-4765

The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.4CVSS6AI score0.00534EPSS
Exploits2
OSV
OSV
added 2023/01/30 9:15 p.m.2 views

CVE-2022-4765

The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/30 8:31 p.m.5 views

CVE-2022-4765 Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode

The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.4AI score0.00534EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/30 8:31 p.m.26 views

CVE-2022-4765 Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode

The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.6AI score0.00534EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.3 views

WordPress plugin Portfolio for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.4AI score0.00534EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/01/30 12:0 a.m.7 views

PT-2023-15449 · WordPress · Portfolio For Elementor

Name of the Vulnerable Software and Affected Versions: The Portfolio for Elementor WordPress plugin versions prior to 2.3.1 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting attacks. Users with a role a...

5.4CVSS6.3AI score0.00534EPSS
Exploits2References6
Rows per page
Query Builder