Lucene search
K

9013 matches found

CNNVD
CNNVD
added 2025/01/22 12:0 a.m.3 views

WordPress plugin Simple shortcode buttons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.1CVSS7.7AI score0.00382EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/21 10:52 p.m.4 views

WordPress GamiPress plugin <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function vulnerability

Unauthenticated Arbitrary Shortcode Execution via gamipressajaxgetlogs Function vulnerability discovered by mikemyers in WordPress Plugin GamiPress versions = 7.2.1...

7.3CVSS7.1AI score0.00549EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/21 10:49 p.m.5 views

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...

8.8CVSS7.1AI score0.00309EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/21 6:15 p.m.11 views

CVE-2025-22267

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpweaver Weaver Themes Shortcode Compatibility weaver-themes-shortcode-compatibility allows Stored XSS.This issue affects Weaver Themes Shortcode Compatibility: from n/a through = 1.0.4...

6.5CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 2025/01/21 6:15 p.m.8 views

CVE-2025-22276

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enguerranws Related Post Shortcode related-post-shortcode allows Stored XSS.This issue affects Related Post Shortcode: from n/a through = 1.2...

5.9CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2025/01/21 5:21 p.m.53 views

CVE-2025-22276

CVE-2025-22276 is a stored XSS vulnerability in the WordPress Related Post Shortcode plugin. Affected: Related Post Shortcode (versions up to 1.2, n/a through 1.2). Root cause: improper neutralization of input during web page generation. Impact: stored cross-site scripting vulnerability with low–...

5.9CVSS7.2AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/21 5:21 p.m.9 views

CVE-2025-22267 WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4...

6.5CVSS6.4AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.2 views

WordPress plugin Weaver Themes Shortcode Compatibility 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

6.5CVSS7.7AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.4 views

PT-2025-2191 · WordPress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue is related to arbitrary shortcode execution via the gamipress do shortcode function. This ...

7.3CVSS7.8AI score0.00581EPSS
Exploits0References13
NVD
NVD
added 2025/01/18 6:15 a.m.9 views

CVE-2024-9020

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00313EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/18 6:0 a.m.9 views

CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4AI score0.00313EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/18 6:0 a.m.10 views

CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

0.00313EPSS
Exploits1References1
CVE
CVE
added 2025/01/18 6:0 a.m.50 views

CVE-2024-9020

The CVE-2024-9020 entry affects the WordPress plugin List category posts, specifically versions prior to 0.90.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation/escaping of shortcode attributes, which can allow users with Contributor+ privileges to ...

5.4CVSS5.9AI score0.00313EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.2 views

PT-2025-2171 · WordPress · Utilities For Mtg

Name of the Vulnerable Software and Affected Versions: Utilities for MTG plugin for WordPress versions up to, and including, 1.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mtglink' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS8AI score0.00266EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/18 12:0 a.m.2 views

WordPress plugin JSM Screenshot Machine Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

6.4CVSS7.7AI score0.00325EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.5 views

PT-2025-2150 · WordPress · Video Share Vod – Turnkey Video Site Builder Script

Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions up to, and including, 2.6.31 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper videos' shortcode due to insufficie...

6.4CVSS7.7AI score0.0033EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/01/18 12:0 a.m.3 views

WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Weaver Themes Shortcode Compatibility versions = 1.0.4...

6.5CVSS6.1AI score0.00206EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.3 views

PT-2025-2148 · WordPress · Micropayments – Fans Paysite

Name of the Vulnerable Software and Affected Versions: MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress versions up to, and including, 2.9.29 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper...

6.4CVSS7.8AI score0.00272EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.6 views

PT-2025-2149 · WordPress · The Rate Star Review Vote – Ajax Reviews

Name of the Vulnerable Software and Affected Versions: The Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper reviews' shortcode due to...

6.4CVSS7.9AI score0.00338EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/18 12:0 a.m.4 views

PT-2025-3706 · WordPress · List Category Posts

Name of the Vulnerable Software and Affected Versions: List category posts WordPress plugin versions prior to 0.90.3 Description: The issue concerns the List category posts WordPress plugin, where versions prior to 0.90.3 do not validate and escape some of its shortcode attributes before outputti...

5.4CVSS8.3AI score0.00313EPSS
Exploits1References9
Rows per page
Query Builder