Lucene search
K

277 matches found

CVE
CVE
added 2025/01/18 7:5 a.m.38 views

CVE-2024-13385

CVE-2024-13385 – JSM Screenshot Machine Shortcode (WordPress) is a Stored Cross-Site Scripting vulnerability in the JSM Screenshot Machine Shortcode plugin for WordPress, affecting all versions up to 2.3.0. The issue arises from insufficient input sanitization and lack of proper output escaping o...

6.4CVSS5.8AI score0.00325EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/14 5:24 a.m.4 views

CVE-2024-13323 Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00374EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/11 7:21 a.m.15 views

CVE-2024-11758 WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit...

6.4CVSS0.00325EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/08 6:41 a.m.15 views

CVE-2024-9673

...

Exploits0
NVD
NVD
added 2025/01/07 6:15 a.m.15 views

CVE-2024-12439

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00323EPSS
Exploits0References3
NVD
NVD
added 2025/01/07 4:15 a.m.6 views

CVE-2024-11899

The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00331EPSS
Exploits0References5
NVD
NVD
added 2024/12/21 9:15 a.m.28 views

CVE-2024-9545

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxcontactbox and auxgmaps shortcodes in all versions up to, and including, 2.17.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00315EPSS
Exploits0References5
NVD
NVD
added 2024/12/18 3:15 a.m.8 views

CVE-2024-12500

The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS0.00422EPSS
Exploits0References10
CVE
CVE
added 2024/12/12 4:23 a.m.54 views

CVE-2024-11384

CVE-2024-11384 applies to the Arena.IM – Live Blogging for real-time events WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s arena blog shortcode that affects all versions up to and including 0.3.0, arising from insufficient input sanitization and output ...

6.4CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/06 8:24 a.m.51 views

CVE-2024-11339

The CVE-2024-11339 entry concerns the WordPress plugin Smart PopUp Blaster. It describes a Stored Cross-Site Scripting vulnerability in the spb-button shortcode, affecting all versions up to 1.4.3, due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitatio...

6.4CVSS5.7AI score0.00254EPSS
Exploits0References2
NVD
NVD
added 2024/12/04 8:15 a.m.11 views

CVE-2024-11769

The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.5 views

WordPress plugin多款产品 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.4CVSS7.5AI score0.00421EPSS
Exploits0References14
NVD
NVD
added 2024/12/03 10:15 a.m.40 views

CVE-2024-11782

The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mstsubscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS0.00288EPSS
Exploits0References3
NVD
NVD
added 2024/11/28 9:15 a.m.20 views

CVE-2024-11761

The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/28 8:47 a.m.20 views

CVE-2024-11786 Login with Vipps and MobilePay <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00391EPSS
Exploits0References3
NVD
NVD
added 2024/11/26 9:15 a.m.35 views

CVE-2024-11192

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00408EPSS
Exploits0References5
NVD
NVD
added 2024/11/23 12:15 p.m.20 views

CVE-2024-11229

The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's addplusfriends and addplustalk shortcodes in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00456EPSS
Exploits0References7
CVE
CVE
added 2024/11/23 11:23 a.m.58 views

CVE-2024-11231

CVE-2024-11231 concerns the WordPress plugin “우커머스 네이버페이” (WooCommerce Naver Pay) for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s mnp_purchase shortcode in all versions up to and including 3.3.7, caused by insufficient input sanitization and output escapin...

6.4CVSS5.7AI score0.00433EPSS
Exploits0References4
NVD
NVD
added 2024/11/15 6:15 a.m.15 views

CVE-2024-10113

The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenterad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00362EPSS
Exploits0References3
CVE
CVE
added 2024/11/13 2:2 a.m.49 views

CVE-2024-10887

CVE-2024-10887 affects the NiceJob WordPress plugin. It is a Stored XSS via multiple shortcodes (nicejob-lead, -review, -engage, -badge, -stories) in all versions up to 3.6.5 due to insufficient input sanitization and output escaping. Exploitation requires Contributor+ authentication; injected sc...

6.4CVSS7.4AI score0.00447EPSS
Exploits0References7
Rows per page
Query Builder