CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2096 matches found

OSV•added 2023/10/30 2:15 p.m.•2 views

CVE-2023-5164

The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS7AI score0.0045EPSS

Exploits0References3

OSV•added 2023/10/30 2:15 p.m.•1 views

CVE-2023-5049

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

5.4CVSS7AI score0.00482EPSS

Exploits0References4

NVD•added 2023/10/30 2:15 p.m.•21 views

CVE-2023-5252

The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level...

6.4CVSS5.7AI score0.0044EPSS

Exploits0References3

Prion•added 2023/10/30 2:15 p.m.•24 views

Cross site scripting

The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.9CVSS5.2AI score0.0064EPSS

Exploits1References4Affected Software1

Cvelist•added 2023/10/30 1:48 p.m.•26 views

CVE-2023-5566 Simple Shortcodes <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS5.8AI score0.0064EPSS

Exploits1References4

Vulnrichment•added 2023/10/30 1:48 p.m.•8 views

CVE-2023-5566 Simple Shortcodes <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS6.8AI score0.0064EPSS

Exploits1References4

CVE•added 2023/10/30 1:48 p.m.•38 views

CVE-2023-5566

The CVE-2023-5566 issue affects the WordPress Simple Shortcodes plugin up to version 1.0.20. It enables Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping of user-supplied attributes, allowing authenticated attackers with contributor-level (or hi...

6.4CVSS5.2AI score0.0064EPSS

Exploits1References4Affected Software1

CNNVD•added 2023/10/30 12:0 a.m.•2 views

WordPress Plugin Simple Shortcodes Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS6AI score0.0064EPSS

Exploits1References5

Positive Technologies•added 2023/10/30 12:0 a.m.•2 views

PT-2023-32181 · WordPress · Simple Shortcodes

Name of the Vulnerable Software and Affected Versions: The Simple Shortcodes plugin for WordPress versions up to, and including, 1.0.20 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS5.4AI score0.0064EPSS

Exploits1References8

Patchstack•added 2023/10/29 12:0 a.m.•9 views

WordPress Simple Shortcodes Plugin <= 1.0.20 is vulnerable to Cross Site Scripting (XSS)

Software Simple Shortcodes Type Plugin Vulnerable versions = 1.0.20 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5566 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f3951a8b757d Credits István Márton Required...

6.4CVSS5.7AI score0.0064EPSS

Exploits1References2Affected Software1

OSV•added 2023/10/27 4:15 a.m.•1 views

CVE-2023-5051

The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrailform' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'formid' user supplied attribute. This makes it possible fo...

5.4CVSS7AI score0.0044EPSS

Exploits0References3

OSV•added 2023/10/26 12:15 p.m.•2 views

CVE-2023-46072

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin = 2.0.9 versions...

6.1CVSS5.8AI score0.00331EPSS

Exploits0References1

Prion•added 2023/10/26 12:15 p.m.•18 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin = 2.0.9 versions...

5.8CVSS6AI score0.00331EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/10/26 11:39 a.m.•15 views

CVE-2023-46072 WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin = 2.0.9 versions...

7.1CVSS5.9AI score0.00331EPSS

Exploits0References1

CVE•added 2023/10/26 11:39 a.m.•33 views

CVE-2023-46072

CVE-2023-46072 is an unauthenticated reflected XSS in the WordPress plugin Add Shortcodes Actions And Filters (versions

7.1CVSS6.1AI score0.00331EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/10/26 11:39 a.m.•22 views

CVE-2023-46072 WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin = 2.0.9 versions...

7.1CVSS6.3AI score0.00331EPSS

Exploits0References1

OSV•added 2023/10/25 6:17 p.m.•4 views

CVE-2023-5127

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...

5.4CVSS6AI score

Exploits0References9

Prion•added 2023/10/25 6:17 p.m.•20 views

Cross site scripting

4.9CVSS5.2AI score0.00565EPSS

Exploits0References9Affected Software1

Patchstack•added 2023/10/25 12:0 a.m.•6 views

WordPress My Shortcodes Plugin <= 2.3 is vulnerable to Broken Access Control

Software My Shortcodes Type Plugin Vulnerable versions = 2.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46632 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dc2416e3e23e Credits Abdi Pranata Required privile...

6.5AI score0.00364EPSS

Exploits0References1Affected Software1

CVE•added 2023/10/24 1:52 p.m.•41 views

CVE-2023-5127

CVE-2023-5127 affects the WP Font Awesome WordPress plugin (versions ≤ 1.7.9). The vulnerability is a stored XSS via shortcode attributes, specifically the icon attribute, allowing authenticated users with contributor+ privileges to inject scripts into pages executed when viewed. Evidence from mu...

6.4CVSS5.2AI score0.00565EPSS

Exploits0References10Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by