
2096 matches found

wpexploit
added 2023/02/27 12:0 a.m., 147 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access

The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of...

CVSS 6.5, AI score 6.9, EPSS 0.00654
Exploits 2
CNNVD
added 2023/02/27 12:0 a.m., 2 views

WordPress Plugin Olevmedia Shortcodes Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 5.4, AI score 4.9, EPSS 0.0049
Exploits 2, References 2
wpexploit
added 2023/02/27 12:0 a.m., 144 views

Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure

The plugin does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the userpass, such as the user email and activation key by default. Run one of the below commands in the developer console ...

CVSS 6.5, AI score 7, EPSS 0.00654
Exploits 2
OSV
added 2023/02/21 9:15 a.m., 1 view

CVE-2023-0559

The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.4, AI score 6.7
Exploits 0, References 1
OSV
added 2023/02/21 9:15 a.m., 1 view

CVE-2022-4777

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 5.8
Exploits 0, References 1
NVD
added 2023/02/21 9:15 a.m., 17 views

CVE-2022-4777

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 5.3, EPSS 0.00471
Exploits 2, References 1
Prion
added 2023/02/21 9:15 a.m., 12 views

Cross site scripting

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 4.9, AI score 5.4, EPSS 0.00471
Exploits 2, References 1, Affected Software 1
Vulnrichment
added 2023/02/21 8:50 a.m., 8 views

CVE-2022-4777 Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.3, EPSS 0.00471
Exploits 2, References 1
CVE
added 2023/02/21 8:50 a.m., 45 views

CVE-2022-4777

CVE-2022-4777 affects the WordPress plugin “Bootstrap Shortcodes” up to version 3.4.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation and escaping of shortcode attributes, which can allow a user with the contributor role or higher to inject malicio...

CVSS 5.4, AI score 5.3, EPSS 0.00471
Exploits 2, References 1, Affected Software 1
CNNVD
added 2023/02/21 12:0 a.m., 3 views

WordPress Plugin Bootstrap Shortcodes Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4, AI score 5.4, EPSS 0.00471
Exploits 2, References 2
Patchstack
added 2023/02/15 12:0 a.m., 6 views

WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software: Olevmedia Shortcodes; Type: Plugin; Vulnerable versions: = 1.1.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-25798; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: a16ed9039437; Credits: yuyudhn; Required...

CVSS 6.5, AI score 5.8, EPSS 0.00361
Exploits 0, References 1, Affected Software 1
VulnCheck KEV
added 2023/02/14 12:0 a.m., 5 views

VulnCheck KEV: CVE-2023-25050

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal. This issue affects Shortcodes Ultimate: from n/a through 5.12.6...

CVSS 7.1, AI score 7.3, EPSS 0.00591
Exploits 0, References 1
OSV
added 2023/02/13 3:15 p.m., 5 views

CVE-2022-4562

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

CVSS 5.4, AI score 5.8, EPSS 0.0054
Exploits 2, References 1
NVD
added 2023/02/13 3:15 p.m., 12 views

CVE-2022-4562

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

CVSS 5.4, AI score 5.3, EPSS 0.0054
Exploits 2, References 1
Prion
added 2023/02/13 3:15 p.m., 13 views

Cross site scripting

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

CVSS 4.9, AI score 5.3, EPSS 0.0054
Exploits 2, References 1, Affected Software 1
Vulnrichment
added 2023/02/13 2:32 p.m., 3 views

CVE-2022-4562 Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

AI score 5.3, EPSS 0.0054
Exploits 2, References 1
CVE
added 2023/02/13 2:32 p.m., 66 views

CVE-2022-4562

CVE-2022-4562 affects the Meks Flexible Shortcodes WordPress plugin prior to 1.3.5. The root cause is failure to validate and escape certain shortcode attributes in output, enabling Stored XSS when exploited by users with as low as Contributor; admins and high-privilege users are at risk. Multipl...

CVSS 5.4, AI score 5.3, EPSS 0.0054
Exploits 2, References 1, Affected Software 1
wpexploit
added 2023/02/13 12:0 a.m., 88 views

eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. bscolumns class='" onmouseover="alert1"...

CVSS 5.4, AI score 5.2, EPSS 0.00471
Exploits 2
CNNVD
added 2023/02/13 12:0 a.m., 3 views

WordPress plugin Meks Flexible Shortcodes Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4, AI score 5.4, EPSS 0.0054
Exploits 2, References 2
CNNVD
added 2023/02/11 12:0 a.m., 3 views

WordPress plugin ND Shortcodes Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A path traversal vulnerability exists in th...

CVSS 8.8, AI score 8, EPSS 0.01367
Exploits 2, References 2