Lucene search
+L

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12424

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00444EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.6 views

CVE-2023-0363

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.2AI score0.00444EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/04/11 12:0 a.m.7 views

WordPress Scheduled Announcements Widget Plugin < 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Scheduled Announcements Widget Type Plugin Vulnerable versions 1.0 Fixed in 1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0363 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6f6b4c3427c3 Credits Lana Code...

5.4CVSS5.9AI score0.00444EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2023/04/10 2:15 p.m.27 views

CVE-2023-0363

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.3AI score0.00444EPSS
Exploits2References1
OSV
OSV
added 2023/04/10 2:15 p.m.4 views

CVE-2023-0363

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS6.7AI score0.00444EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/10 1:17 p.m.5 views

CVE-2023-0363 Scheduled Announcements Widget < 1.0 - Contributor+ Stored XSS

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.3AI score0.00444EPSS
Exploits2References1
CVE
CVE
added 2023/04/10 1:17 p.m.59 views

CVE-2023-0363

CVE-2023-0363 affects the Scheduled Announcements Widget WordPress plugin prior to 1.0. The root cause is insufficient validation/escaping of shortcode attributes, allowing Stored Cross-Site Scripting when the shortcode is embedded in a page or post. Exploitation potential requires Contributor+ p...

5.4CVSS5.5AI score0.00444EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.4 views

WordPress plugin Scheduled Announcements Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-16213 · WordPress · Scheduled Announcements Widget

Name of the Vulnerable Software and Affected Versions: Scheduled Announcements Widget WordPress plugin versions prior to 1.0 Description: The issue arises from the lack of validation and escaping of some shortcode attributes in the Scheduled Announcements Widget WordPress plugin. This could allow...

5.4CVSS8.3AI score0.00444EPSS
Exploits2References5
Rows per page
Query Builder