8997 matches found

Positive Technologies
added 2024/12/21 12:0 a.m. · 4 views

PT-2024-17353 · WordPress · One Click Upsell Funnel For Woocommerce

Name of the Vulnerable Software and Affected Versions: The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress versions up to, and including, 3.4.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wps_wocuf_pro_yes shortcode due to insufficient...

CVSS 6.4 · AI score 8 · EPSS 0.00338
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/21 12:0 a.m. · 5 views

PT-2024-16813 · WordPress · Multi-Column Tag Map

Name of the Vulnerable Software and Affected Versions: Multi-column Tag Map plugin for WordPress versions up to, and including, 17.0.33 Description: The issue is related to Stored Cross-Site Scripting via the plugin's mctagmap shortcode due to insufficient input sanitization and output escaping o...

CVSS 6.4 · AI score 8 · EPSS 0.00441
Exploits: 0 · References: 10

Positive Technologies
added 2024/12/21 12:0 a.m. · 3 views

PT-2024-17668 · WordPress · Magicpost

Name of the Vulnerable Software and Affected Versions: MagicPost plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 7.9 · EPSS 0.00331
Exploits: 0 · References: 8

Patchstack
added 2024/12/20 9:7 p.m. · 4 views

WordPress MagicPost plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin MagicPost – WordPress文章管理功能增强插件 versions <= 1.2.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00331
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/12/20 8:49 p.m. · 3 views

WordPress Multi-column Tag Map plugin <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Multi-column Tag Map versions <= 17.0.33...

CVSS 6.4 · AI score 5.8 · EPSS 0.00441
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/12/20 8:32 p.m. · 2 views

WordPress One Click Upsell Funnel for WooCommerce plugin <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin One Click Upsell Funnel for WooCommerce versions <= 3.4.9...

CVSS 6.4 · AI score 5.8 · EPSS 0.00338
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/12/20 8:19 p.m. · 3 views

WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions <= 5.4.10...

CVSS 7.3 · AI score 7.1 · EPSS 0.00637
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/12/20 7:58 p.m. · 4 views

WordPress Serious Slider plugin < 1.2.7 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Serious Slider versions < 1.2.7...

CVSS 5.4 · AI score 6 · EPSS 0.00315
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2024/12/20 6:15 a.m. · 20 views

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · EPSS 0.00315
Exploits: 1 · References: 1

OSV
added 2024/12/20 6:15 a.m. · 3 views

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00315
Exploits: 1 · References: 1

Vulnrichment
added 2024/12/20 6:0 a.m. · 11 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.9 · EPSS 0.00315
Exploits: 1 · References: 1

Cvelist
added 2024/12/20 6:0 a.m. · 20 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

EPSS 0.00315
Exploits: 1 · References: 1

Positive Technologies
added 2024/12/20 12:0 a.m. · 3 views

PT-2024-17631 · WordPress · Nacc Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: NACC WordPress Plugin versions up to, and including, 4.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 8 · EPSS 0.00351
Exploits: 0 · References: 10

Positive Technologies
added 2024/12/20 12:0 a.m. · 17 views

PT-2024-17248 · WordPress · Outdooractive Embed

Name of the Vulnerable Software and Affected Versions: Outdooractive Embed plugin for WordPress version 1.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 7.9 · EPSS 0.0027
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/20 12:0 a.m. · 4 views

PT-2024-17256 · WordPress · Sell Tickets Online – Ticketsource Ticket Shop

Name of the Vulnerable Software and Affected Versions: Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin versions up to, and including, 3.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode due to insufficient input...

CVSS 6.4 · AI score 7.9 · EPSS 0.00338
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/20 12:0 a.m. · 2 views

PT-2024-17255 · WordPress · Financial Calculator

Name of the Vulnerable Software and Affected Versions: Financial Calculator plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's finance calculator shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 8 · EPSS 0.0027
Exploits: 0 · References: 7

Positive Technologies
added 2024/12/20 12:0 a.m. · 3 views

PT-2024-16969 · WordPress · Spotlight

Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 7.9 · EPSS 0.00338
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/20 12:0 a.m. · 3 views

PT-2024-17633 · WordPress · Embed Twine

Name of the Vulnerable Software and Affected Versions: Embed Twine plugin for WordPress versions up to, and including, 0.1.0 Description: The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed twine' shortcode due to insufficient input sanitizati...

CVSS 6.4 · AI score 7.9 · EPSS 0.0027
Exploits: 0 · References: 7

Positive Technologies
added 2024/12/20 12:0 a.m. · 4 views

PT-2024-17250 · WordPress · Pcrecruiter Extensions

Name of the Vulnerable Software and Affected Versions: PCRecruiter Extensions plugin for WordPress versions up to, and including, 1.4.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 7.9 · EPSS 0.00287
Exploits: 0 · References: 7

Positive Technologies
added 2024/12/20 12:0 a.m. · 3 views

PT-2024-17327 · WordPress · Spoki

Name of the Vulnerable Software and Affected Versions: Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress versions up to, and including, 2.15.14 Description: The issue is related to Stored Cross-Site Scripting via the plugin's spoki button shortcode due to insufficient input...

CVSS 6.4 · AI score 7.9 · EPSS 0.00379
Exploits: 0 · References: 8