Lucene search
+L

176 matches found

OSV
OSV
added 2023/02/21 8:15 p.m.7 views

CVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.01213EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2023/02/21 8:15 p.m.3 views

CVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6.1AI score0.01213EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.32 views

WordPress Plugin Japanized For WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.6AI score0.01213EPSS
Exploits3References4
OSV
OSV
added 2022/04/25 4:16 p.m.3 views

CVE-2021-46782

The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00788EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.6 views

CVE-2021-46780

The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00788EPSS
Exploits1References2
OSV
OSV
added 2022/04/25 4:16 p.m.4 views

CVE-2021-46781

The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00788EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.8 views

CVE-2021-46781

The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00788EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.5 views

CVE-2021-46782

The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00788EPSS
Exploits1References2
OSV
OSV
added 2022/04/25 4:16 p.m.4 views

CVE-2021-46780

The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00788EPSS
Exploits1References1
Prion
Prion
added 2022/04/25 4:16 p.m.19 views

Cross site scripting

The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.1AI score0.00788EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2022/03/30 12:0 a.m.225 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting Vulnerability

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any post types. The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/30 12:0 a.m.281 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any po...

7.4AI score
Exploits0
OSV
OSV
added 2022/03/28 6:15 p.m.7 views

CVE-2022-0600

The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00788EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/28 6:15 p.m.6 views

CVE-2022-0600

The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00788EPSS
Exploits2References2
Prion
Prion
added 2022/03/28 6:15 p.m.17 views

Cross site scripting

The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.2AI score0.00788EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/03/28 5:23 p.m.72 views

CVE-2022-0621

The CVE-2022-0621 case concerns the WordPress dTabs plugin (versions ≤ 1.4). The vulnerability arises because the tab parameter is not sanitized/escaped before being echoed in an admin page, causing a Reflected Cross-Site Scripting (XSS) condition. Affected component: dTabs plugin’s admin output ...

6.1CVSS6.2AI score0.00788EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2022/03/23 12:0 a.m.229 views

Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any po...

7.4AI score
Exploits0
OSV
OSV
added 2022/03/11 6:15 p.m.3 views

CVE-2022-25601

Reflected Cross-Site Scripting XSS vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin versions = 2.4...

6.1CVSS5.4AI score0.01002EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.6 views

WordPress plugin Contact Form X跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Contact Form X plugin version 2.4 and earlier. The vulnerability stems from a la...

6.1CVSS5.3AI score0.01002EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/02/14 12:15 p.m.6 views

CVE-2022-0176

The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00876EPSS
Exploits2References3
Rows per page
Query Builder