Lucene search
K

2102 matches found

CVE
CVE
added 2023/05/03 11:4 a.m.37 views

CVE-2023-25798

CVE-2023-25798 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Olevmedia Shortcodes (versions 1.1.9) to mitigate risk. Monitor for official patch details as they become publicly available.

6.5CVSS5.4AI score0.00361EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/03 12:0 a.m.5 views

WordPress plugin Olevmedia Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/03 12:0 a.m.6 views

PT-2023-20313 · WordPress · Olevmedia Shortcodes

Name of the Vulnerable Software and Affected Versions: Olevmedia Shortcodes plugin versions 1.1.9 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by contributors or those with higher authentication levels. There...

6.5CVSS5.9AI score0.00361EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/05/02 12:0 a.m.6 views

PT-2023-16594 · WordPress · Stagtools

Name of the Vulnerable Software and Affected Versions: StagTools WordPress plugin versions prior to 2.3.7 Description: The issue concerns the StagTools WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

5.4CVSS5.8AI score0.00444EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.6 views

WordPress plugin Video Central 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/04/24 12:0 a.m.11 views

WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a66cbc072f58 Credits István Márton Requir...

6.5CVSS6AI score0.00361EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/04/14 12:0 a.m.13 views

WordPress Shortcodes Plugin <= 3.46 is vulnerable to Broken Access Control

Software Shortcodes Type Plugin Vulnerable versions = 3.46 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23725 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 82dcb0293d26 Credits István Márton Required privilege...

6.9AI score0.00527EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.10 views

Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection

The plugin does not prevent subscribers from rendering certain shortcodes that concatenate attributes directly into an SQL query. PoC...

7.3AI score
Exploits0References1Affected Software1
OSV
OSV
added 2023/03/30 12:15 p.m.6 views

CVE-2023-25040

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...

5.4CVSS6.7AI score0.00414EPSS
Exploits0References1
NVD
NVD
added 2023/03/30 12:15 p.m.26 views

CVE-2023-25040

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...

6.5CVSS5.9AI score0.00414EPSS
Exploits0References1
Prion
Prion
added 2023/03/30 12:15 p.m.17 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...

4.9CVSS5.2AI score0.00414EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/30 11:10 a.m.5 views

CVE-2023-25040 WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References1
CVE
CVE
added 2023/03/30 11:10 a.m.59 views

CVE-2023-25040

CVE-2023-25040 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Shortcodes Ultimate (aka Shortcodes Ultimate) by Vova Anokhin, affecting versions &lt;= 5.12.6. The issue is a stored XSS flaw; the exact root-cause details are not provided in the supplied documents. Publ...

6.5CVSS5.3AI score0.00414EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/30 12:0 a.m.7 views

PT-2023-19889 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin versions = 5.12.6 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability affects users with contributor or higher permissions. There is no information provided about...

6.5CVSS5.5AI score0.00414EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.3 views

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5CVSS6.4AI score0.00414EPSS
Exploits0References2
OSV
OSV
added 2023/03/27 4:15 p.m.4 views

CVE-2023-0467

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...

4.3CVSS6.6AI score0.00678EPSS
Exploits2References1
NVD
NVD
added 2023/03/27 4:15 p.m.21 views

CVE-2023-0467

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...

4.3CVSS4.7AI score0.00678EPSS
Exploits2References1
Prion
Prion
added 2023/03/27 4:15 p.m.19 views

Memory corruption

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...

4CVSS4.7AI score0.00678EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.4 views

PT-2023-16288 · WordPress · Wp Dark Mode

Name of the Vulnerable Software and Affected Versions: WP Dark Mode WordPress plugin versions prior to 4.0.8 Description: The issue arises from improper sanitization of the style parameter in shortcodes, leading to Local File Inclusion. This can occur on servers where non-existent directories may...

4.3CVSS9.5AI score0.00678EPSS
Exploits2References4
wpexploit
wpexploit
added 2023/03/27 12:0 a.m.117 views

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below shortcodes i...

5.4CVSS5.6AI score0.00529EPSS
Exploits2
Rows per page
Query Builder