Lucene search

8997 matches found

Cvelist
added 2024/12/16 6:0 a.m. · 19 views

CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

0.00291 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/12/16 6:0 a.m. · 8 views

CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9 AI score · 0.00291 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/12/16 12:0 a.m. · 2 views

WordPress plugin Tithe.ly Giving Button security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.4 CVSS · 8 AI score · 0.00291 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/12/16 12:0 a.m. · 3 views

WordPress plugin Geoportail Shortcode cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin.... A cross-site request forgery...

7.1 CVSS · 8.6 AI score · 0.00202 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/16 12:0 a.m. · 6 views

PT-2024-17338 · WordPress · Animated Counters

Name of the Vulnerable Software and Affected Versions: Animated Counters plugin for WordPress versions up to, and including, 2.0 Description: The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode due to insufficient inp...

6.4 CVSS · 7.9 AI score · 0.00311 EPSS
Exploits: 0 · References: 11

CVE
added 2024/12/14 5:34 a.m. · 41 views

CVE-2024-12459

CVE-2024-12459 – WordPress Ganohrs Toggle Shortcode: A stored XSS vulnerability exists in the Ganohrs Toggle Shortcode plugin for WordPress, affecting versions up to 0.2.4. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes used by the plugin’s t...

6.4 CVSS · 5.7 AI score · 0.00414 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/12/14 5:34 a.m. · 8 views

CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 5.8 AI score · 0.00414 EPSS
Exploits: 0 · References: 4

Cvelist
added 2024/12/14 5:34 a.m. · 20 views

CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 0.00414 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/12/14 4:23 a.m. · 5 views

CVE-2024-12447 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode

The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3 CVSS · 6.5 AI score · 0.00295 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/14 12:0 a.m. · 3 views

PT-2024-17231 · WordPress · Tcbd Popover

Name of the Vulnerable Software and Affected Versions: TCBD Popover plugin for WordPress versions prior to 1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image' shortcode due to insufficient input sanitization and output escaping on user-suppli...

6.4 CVSS · 6.2 AI score · 0.00351 EPSS
Exploits: 0 · References: 14

CNNVD
added 2024/12/14 12:0 a.m. · 2 views

WordPress plugin Ganohrs Toggle Shortcode cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.4 CVSS · 7.9 AI score · 0.00414 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/12/14 12:0 a.m. · 2 views

PT-2024-17247 · WordPress · Post Carousel & Slider

Name of the Vulnerable Software and Affected Versions: The Post Carousel & Slider plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode due to insufficient input sanitization and output...

6.4 CVSS · 6.2 AI score · 0.00359 EPSS
Exploits: 0 · References: 9

Positive Technologies
added 2024/12/14 12:0 a.m. · 2 views

PT-2024-17315 · WordPress · Stripe Donation Plugin

Name of the Vulnerable Software and Affected Versions: Stripe Donation plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stripe donation' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS · 6.2 AI score
Exploits: 0 · References: 9

CNNVD
added 2024/12/14 12:0 a.m. · 1 views

WordPress plugin Get Post Content Shortcode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

4.3 CVSS · 8.5 AI score · 0.00295 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/14 12:0 a.m. · 5 views

PT-2024-17602 · WordPress · Ganohrs Toggle Shortcode

Name of the Vulnerable Software and Affected Versions: Ganohrs Toggle Shortcode plugin for WordPress versions up to, and including, 0.2.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode due to insufficient input sanitization and output escaping...

6.4 CVSS · 6.2 AI score · 0.00414 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/14 12:0 a.m. · 5 views

PT-2024-17595 · WordPress · Post To Pdf

Name of the Vulnerable Software and Affected Versions: Post to Pdf plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gmptp single post' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS · 6.2 AI score · 0.0027 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2024/12/14 12:0 a.m. · 4 views

PT-2024-17636 · WordPress · Woocommerce Cart Count Shortcode

Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode plugin for WordPress versions up to, and including, 1.0.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the cart button shortcode. This...

6.4 CVSS · 7.2 AI score · 0.00346 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/12/14 12:0 a.m. · 3 views

PT-2024-17639 · WordPress · States Map Us

Name of the Vulnerable Software and Affected Versions: The States Map US plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the states...

6.4 CVSS · 6.2 AI score · 0.0043 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/12/14 12:0 a.m. · 5 views

PT-2024-17313 · WordPress · Cricket Live Score

Name of the Vulnerable Software and Affected Versions: Cricket Live Score plugin for WordPress versions prior to 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cricket score' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS · 6.1 AI score · 0.00331 EPSS
Exploits: 0 · References: 8

Positive Technologies
added 2024/12/14 12:0 a.m. · 3 views

PT-2024-17312 · WordPress · Kredeum Nfts

Name of the Vulnerable Software and Affected Versions: Kredeum NFTs versions up to, and including, 1.6.9 Description: The Kredeum NFTs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum opensky' shortcode due to insufficient input sanitization and output...

6.4 CVSS · 6.1 AI score · 0.00242 EPSS
Exploits: 0 · References: 7