Lucene search
K

107 matches found

CNNVD
CNNVD
added 2023/02/13 12:0 a.m.5 views

WordPress plugin Lightbox Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.8CVSS5.4AI score0.00707EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.5 views

WordPress plugin WP Visitor Statistics 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.00477EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.7 views

WordPress plugin Judge.me Product Reviews for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.8CVSS5.4AI score0.00635EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.7 views

WordPress plugin Better Font Awesome 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.8CVSS5.4AI score0.00762EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.3 views

WordPress plugin Twenty20 Image Before-After 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00477EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.8 views

PT-2023-14532 · WordPress · Yarpp

Name of the Vulnerable Software and Affected Versions: YARPP WordPress plugin versions prior to 5.30.3 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the YARPP WordPress plugin, which could allow users with the contributor role and above to...

6.8CVSS5.2AI score0.00707EPSS
Exploits2References5
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.5 views

WordPress plugin Easy PayPal Buy Now Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.4AI score0.00477EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.6 views

WordPress plugin YourChannel跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.0055EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.6 views

WordPress plugin WP Show Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00695EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.5 views

WordPress plugin Logo Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS6.1AI score0.00578EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.7 views

WordPress plugin Post Category Image With Grid and Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00685EPSS
Exploits2References2
CVE
CVE
added 2023/01/30 8:31 p.m.64 views

CVE-2022-4792

CVE-2022-4792 affects the WordPress plugin “News & Blog Designer Pack” (pre-3.3). The flaw is improper validation/escaping of a shortcode attribute, enabling a user with at least contributor privileges to perform a Stored XSS attack. Impact is limited to data/JS execution via the vulnerable short...

5.4CVSS5.3AI score0.00438EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/30 12:0 a.m.11 views

EmbedSocial < 1.1.28 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC embedsocialstories id="'...

5.4CVSS5.4AI score0.00457EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2023/01/30 12:0 a.m.6 views

WordPress Plugin WP Social Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00534EPSS
Exploits2References2
OSV
OSV
added 2023/01/23 3:15 p.m.5 views

CVE-2022-4760

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
Prion
Prion
added 2023/01/23 3:15 p.m.16 views

Cross site scripting

The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

4.9CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/01/16 4:15 p.m.8 views

CVE-2022-4507

The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
OSV
OSV
added 2023/01/16 4:15 p.m.4 views

CVE-2022-4469

The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.7 views

WordPress plugin WOOCS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS5.4AI score0.00503EPSS
Exploits3References4
CNNVD
CNNVD
added 2023/01/16 12:0 a.m.3 views

WordPress plugin Sidebar Widgets by CodeLights 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
Rows per page
Query Builder