
27 matches found

Positive Technologies
added 2024/04/27 12:00 a.m. · 2 views

PT-2024-25245

Name of the Vulnerable Software and Affected Versions: The Timetable and Event Schedule by MotoPress plugin for WordPress versions up to, and including, 2.4.11. Description: The issue arises from insufficient escaping on the user-supplied events attribute of the mp-timetable shortcode and lack of...

CVSS 9.9 · AI score 6.8 · EPSS 0.00406
Exploits: 0 · References: 5
Vulnrichment
added 2024/03/18 3:15 p.m. · 10 views

CVE-2024-1333 Responsive Pricing Table < 5.1.11 - Author+ Stored XSS

The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting...

AI score 5.8 · EPSS 0.00349
Exploits: 2 · References: 1
Positive Technologies
added 2023/09/15 12:00 a.m. · 3 views

PT-2023-31415 · WordPress · Allow Php In Posts/Pages

Name of the Vulnerable Software and Affected Versions: Allow PHP in Posts and Pages plugin for WordPress versions up to, and including, 3.0.4. Description: The issue allows authenticated attackers with subscriber-level permissions or above to execute code on the server via the php shortcode. This...

CVSS 9.9 · AI score 7.7 · EPSS 0.0115
Exploits: 0 · References: 7
CNNVD
added 2023/02/06 12:00 a.m. · 2 views

WordPress plugin WP Show Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 · AI score 5.4 · EPSS 0.00363
Exploits: 2 · References: 2
Vulnrichment
added 2023/01/23 2:31 p.m. · 5 views

CVE-2022-4832 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

AI score 6.1 · EPSS 0.00181
Exploits: 2 · References: 1
wpexploit
added 2023/01/03 12:00 a.m. · 342 views

Justified Gallery < 1.7.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. Exploit shortcode: gallery ids="1" lightbox="' onmouseover='alert1'"...

CVSS 5.4 · AI score 1.8 · EPSS 0.00198
Exploits: 2
wpexploit
added 2022/12/23 12:00 a.m. · 101 views

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 5.4 · AI score 0.5 · EPSS 0.00252
Exploits: 2