Lucene search
K

107 matches found

WPVulnDB
WPVulnDB
added 2023/11/16 12:0 a.m.15 views

Social Feed <= 1.5.4.6 - Author+ Stored XSS

Description The plugin does not validate and escape some of its socialfeed shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the Author role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS7.7AI score0.00467EPSS
Exploits1
OSV
OSV
added 2023/10/16 8:15 p.m.7 views

CVE-2023-4289

The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

5.4CVSS5.8AI score0.00403EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.9 views

Slick Contact Forms <= 1.3.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.4CVSS5.6AI score0.00345EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.4 views

WordPress plugin Simple Blog Card 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS6.5AI score0.00371EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/07/04 12:0 a.m.5 views

WordPress plugin ND Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.4AI score0.00444EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.7 views

PT-2023-5536 · WordPress · Nd Shortcodes

Name of the Vulnerable Software and Affected Versions: ND Shortcodes WordPress plugin versions prior to 7.0 Description: The issue is related to the incorrect validation of some shortcode attributes, which are used to generate paths passed to include functions. This allows any authenticated users...

9CVSS8.5AI score0.01683EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.6 views

PT-2023-16342 · WordPress · Wp-D3

Name of the Vulnerable Software and Affected Versions: Wp-D3 WordPress plugin versions prior to 2.4.2 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the lack of validation and escaping of some shortcode attributes...

5.4CVSS5.9AI score0.00444EPSS
Exploits2References3
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.6 views

WordPress plugin Video Central 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
OSV
OSV
added 2023/04/17 1:15 p.m.4 views

CVE-2023-1274

The Pricing Tables For WPBakery Page Builder formerly Visual Composer WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...

6.5CVSS6.9AI score0.009EPSS
Exploits2References1
OSV
OSV
added 2023/04/10 2:15 p.m.4 views

CVE-2023-0363

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS6.7AI score0.00444EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.21 views

WordPress Complianz - GDPR/CCPA Cookie Consent Premium Plugin < 6.4.2 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:really-simple-plugins:complianzpremium"; ifdescription...

5.4CVSS5.5AI score0.00558EPSS
Exploits2References1
OSV
OSV
added 2023/03/27 4:15 p.m.3 views

CVE-2023-0660

The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS6.7AI score0.00478EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.5 views

WordPress plugin NEX-Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.4AI score0.00503EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.3 views

WordPress plugin Schedulicity 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

6.5CVSS5.4AI score0.0056EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.38 views

WordPress plugin menu shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6.5AI score0.00462EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/27 12:0 a.m.4 views

WordPress plugin Complianz 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00558EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.4 views

WordPress plugin GoToWP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS6.6AI score0.00444EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.4 views

WordPress plugin Custom Content Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/20 12:0 a.m.7 views

PT-2023-16220 · WordPress · Wpb Advanced Faq

Name of the Vulnerable Software and Affected Versions: WPB Advanced FAQ WordPress plugin versions 1.0.0 through 1.0.6 Description: The WPB Advanced FAQ WordPress plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is...

5.4CVSS5.7AI score0.00471EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2023/03/14 12:0 a.m.8 views

WordPress Font Awesome Plugin < 4.3.2 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fontawesome:fontawesome"; ifdescription...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References1
Rows per page
Query Builder