CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8992 matches found

WPVulnDB•added 2023/10/25 12:0 a.m.•12 views

BSK PDF Manager < 3.4.2 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its attributes for the bsk-pdfm-category-dropdown shortcode before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used agains...

6.4CVSS6AI score0.00449EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/10/25 12:0 a.m.•17 views

WP Font Awesome <= 1.7.9 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admi...

6.4CVSS5.7AI score0.00565EPSS

Exploits0References1

Vulnrichment•added 2023/10/24 1:52 p.m.•1 views

CVE-2023-5127 WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...

6.4CVSS6.1AI score0.00565EPSS

Exploits0References10

Vulnrichment•added 2023/10/24 1:52 p.m.•3 views

CVE-2023-5745 Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

5.5CVSS6.8AI score0.00439EPSS

Exploits0References2

Vulnrichment•added 2023/10/24 11:10 a.m.•13 views

CVE-2023-45644 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...

5.9CVSS5.8AI score0.00409EPSS

Exploits0References1

Cvelist•added 2023/10/24 11:10 a.m.•32 views

CVE-2023-45644 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...

5.9CVSS5.5AI score0.00409EPSS

Exploits0References1

CVE•added 2023/10/24 11:10 a.m.•38 views

CVE-2023-45644

CVE-2023-45644: Authenticated (admin+) Stored Cross-Site Scripting in the CPT Shortcode Generator plugin prior to or at version 1.0. Root cause details are not explicitly stated in the provided documents, but the vulnerability is described as a stored XSS affecting admin-level contexts. Public ex...

5.9CVSS5.1AI score0.00409EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2023/10/24 12:0 a.m.•4 views

PT-2023-32299 · WordPress · Reusable Text Blocks

Name of the Vulnerable Software and Affected Versions: Reusable Text Blocks plugin for WordPress versions up to, and including, 1.5.3 Description: The issue is related to Stored Cross-Site Scripting via the 'text-blocks' shortcode due to insufficient input sanitization and output escaping on...

5.5CVSS5.5AI score0.00439EPSS

Exploits0References5

Positive Technologies•added 2023/10/24 12:0 a.m.•7 views

PT-2023-32294 · WordPress · Live Chat With Facebook Messenger

Name of the Vulnerable Software and Affected Versions: Live Chat with Facebook Messenger plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode due to insufficient input sanitization and outpu...

6.4CVSS5.6AI score0.00532EPSS

Exploits0References8

Positive Technologies•added 2023/10/24 12:0 a.m.•4 views

PT-2023-31779 · WordPress · Delete Me

Name of the Vulnerable Software and Affected Versions: Delete Me plugin for WordPress versions up to, and including, 3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin delete me shortcode due to insufficient input sanitization and output escaping on user-supplied...

5.4CVSS5.5AI score0.00445EPSS

Exploits0References5

Positive Technologies•added 2023/10/24 12:0 a.m.•4 views

PT-2023-31682 · WordPress · Advanced Menu Widget

Name of the Vulnerable Software and Affected Versions: Advanced Menu Widget plugin for WordPress versions up to, and including, 0.4.1 Description: The issue is related to Stored Cross-Site Scripting via the 'advMenu' shortcode due to insufficient input sanitization and output escaping on...

6.4CVSS5.5AI score0.00352EPSS

Exploits0References6

Positive Technologies•added 2023/10/24 12:0 a.m.•4 views

PT-2023-29621 · WordPress · Cpt Shortcode Generator

Name of the Vulnerable Software and Affected Versions: CPT Shortcode Generator plugin versions prior to 1.1 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin or higher privileges. Recommendations: For versions prior to 1.1...

5.9CVSS5.4AI score0.00409EPSS

Exploits0References3

Packet Storm•added 2023/10/24 12:0 a.m.•417 views

WordPress LiteSpeed Cache 5.6 Cross Site Scripting

Vulnerability Summary from Wordfence Intelligence Description: LiteSpeed Cache = 5.6 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed Cache Plugin Slug: litespeed-cache Affected Versions: = 5.6 CVE ID: CVE-2023-4372 CVSS Score: 6.4 Medium CVSS...

7.1AI score0.19684EPSS

Exploits2

Positive Technologies•added 2023/10/23 12:0 a.m.•8 views

PT-2023-28939 · WordPress · Litespeed Cache

Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache plugin for WordPress versions up to, and including, 5.6 Description: The issue is related to Stored Cross-Site Scripting via the esi shortcode due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS6.4AI score0.19684EPSS

Exploits2References18

OSV•added 2023/10/20 8:15 a.m.•2 views

CVE-2023-5086

The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

5.4CVSS6.9AI score0.00436EPSS

Exploits0References3

OSV•added 2023/10/20 8:15 a.m.•2 views

CVE-2023-5109

The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpmlmailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS6.7AI score0.00424EPSS

Exploits1References2

OSV•added 2023/10/20 8:15 a.m.•4 views

CVE-2023-5337

The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacke...

5.4CVSS6AI score

Exploits0References2

OSV•added 2023/10/20 8:15 a.m.•3 views

CVE-2023-5615

The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7AI score

Exploits0References2

OSV•added 2023/10/20 8:15 a.m.•2 views

CVE-2023-4999

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's horizontal-scrolling shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

8.8CVSS7.3AI score

Exploits0References2

OSV•added 2023/10/20 8:15 a.m.•4 views

CVE-2023-4796

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcjwpoption' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

4.3CVSS7.3AI score0.00585EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by