Lucene search
K

33 matches found

Patchstack
Patchstack
added 2023/02/22 12:0 a.m.8 views

WordPress Hero Banner Ultimate Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software Hero Banner Ultimate Type Plugin Vulnerable versions = 1.3.4 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-45818 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f00bc682c547 Credits thiennv Required...

6.5CVSS6AI score0.00361EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/02/10 12:0 a.m.10 views

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Server Side Request Forgery (SSRF)

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 5.12.6 Fixed in 5.12.7 OWASP Top 10 A5: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-23800 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID b83339aecda3 Credits Rafie Muhamm...

7.1CVSS6.6AI score0.00491EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/18 11:15 p.m.15 views

CVE-2022-42459

Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin = 9.7.1 on WordPress...

7.2CVSS0.00798EPSS
Exploits0References2
CVE
CVE
added 2022/11/18 10:17 p.m.70 views

CVE-2022-42459

CVE-2022-42459 affects the WordPress Image Hover Effects Ultimate plugin (versions

7.2CVSS7AI score0.00798EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/08 7:15 p.m.21 views

CVE-2022-41136

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS in Vladimir Anokhin's Shortcodes Ultimate plugin = 5.12.0 on WordPress...

8.8CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 2022/11/08 6:28 p.m.66 views

CVE-2022-41136

The CVE-2022-41136 entry concerns the WordPress Shortcodes Ultimate plugin, specifically versions

8.8CVSS6.9AI score0.00293EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/10/25 12:0 a.m.21 views

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

7.2CVSS3.2AI score0.00798EPSS
Exploits0Affected Software1
CVE
CVE
added 2022/10/11 7:35 p.m.64 views

CVE-2022-38086

CVE-2022-38086 affects the WordPress plugin Shortcodes Ultimate

5.4CVSS4.7AI score0.00285EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/09/23 2:15 p.m.16 views

Cross site scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

4.9CVSS5AI score0.00489EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/05/20 8:15 p.m.15 views

CVE-2022-29424

Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...

4.8CVSS0.00489EPSS
Exploits0References2
OSV
OSV
added 2022/05/20 8:15 p.m.3 views

CVE-2022-29424

Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...

4.8CVSS5.8AI score0.00489EPSS
Exploits0References2
OSV
OSV
added 2021/12/15 7:15 p.m.5 views

CVE-2021-36888

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin...

9.8CVSS5.8AI score0.0674EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2017/10/31 12:0 a.m.13 views

Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution

The Shortcodes Ultimate plugin does not sanitize the "filter" argument to the "sumeta", "suuser", and "supost" shortcodes, allowing the filter to be set to the "system" function which runs arbitrary code. This is being exploited in the wild; I discovered this though analysis of modsecurity audit...

7.5CVSS0.4AI score0.12092EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder