CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

229 matches found

OSV•added 2023/02/06 8:15 p.m.•2 views

CVE-2022-4674

The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2023/02/06 7:59 p.m.•9 views

CVE-2022-4674 Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

6.1AI score0.00363EPSS

Exploits2References1

OSV•added 2023/01/30 9:15 p.m.•1 views

CVE-2023-0033

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS6.1AI score0.00198EPSS

Exploits2References1

OSV•added 2023/01/30 9:15 p.m.•1 views

CVE-2022-4787

Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/30 9:15 p.m.•2 views

CVE-2022-4781

The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/30 9:15 p.m.•1 views

CVE-2022-4792

The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00442EPSS

Exploits2References1

OSV•added 2023/01/30 9:15 p.m.•2 views

CVE-2022-4793

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00514EPSS

Exploits2References1

OSV•added 2023/01/30 9:15 p.m.•2 views

CVE-2022-4654

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/30 9:15 p.m.•1 views

CVE-2022-4649

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00198EPSS

Exploits2References1

OSV•added 2023/01/30 9:15 p.m.•2 views

CVE-2022-4651

The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00198EPSS

Exploits2References1

Vulnrichment•added 2023/01/30 8:31 p.m.•5 views

CVE-2023-0033 PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode

5.3AI score0.00198EPSS

Exploits2References1

Vulnrichment•added 2023/01/30 8:31 p.m.•5 views

CVE-2022-4793 Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

5.3AI score0.00514EPSS

Exploits2References1

CNNVD•added 2023/01/30 12:0 a.m.•1 views

WordPress Plugin PDF Viewer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL server set up a personal blog site. WordPress plugin is an application plug-in. Cross-site scripting vulnerability...

5.4CVSS5.5AI score0.00198EPSS

Exploits2References2

OSV•added 2023/01/23 3:15 p.m.•2 views

CVE-2022-4790

The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/23 3:15 p.m.•2 views

CVE-2022-4789

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00181EPSS

Exploits1References1

OSV•added 2023/01/23 3:15 p.m.•2 views

CVE-2022-4675

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/23 3:15 p.m.•1 views

CVE-2022-4650

The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00252EPSS

Exploits2References1

Positive Technologies•added 2023/01/23 12:0 a.m.•1 views

PT-2023-15011 · WordPress · Mongoose Page Plugin

Name of the Vulnerable Software and Affected Versions: Mongoose Page Plugin WordPress plugin versions prior to 1.9.0 Description: The issue concerns a lack of validation and escaping of one of the shortcode attributes in the Mongoose Page Plugin, potentially allowing users with a role as low as...

5.4CVSS5.3AI score0.00285EPSS

Exploits2References4

Positive Technologies•added 2023/01/23 12:0 a.m.•5 views

PT-2023-15518 · Wpzoom · Wpzoom Portfolio Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: WPZOOM Portfolio WordPress plugin versions prior to 1.2.2 Description: The issue concerns a lack of validation and escaping of one of the shortcode attributes in the WPZOOM Portfolio WordPress plugin. This could allow users with a role as low...

5.4CVSS5.3AI score0.00181EPSS

Exploits1References4

OSV•added 2023/01/16 4:15 p.m.•2 views

CVE-2022-4655

The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00198EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by