Lucene search
K

277 matches found

CNVD
CNVD
added 2025/07/08 12:0 a.m.2 views

WordPress Magic Buttons for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Magic Buttons for Elementor that stems from insufficient input cleanup and output escaping of user-supplied...

6.4CVSS6.2AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/02 12:0 a.m.4 views

WordPress plugin Magic Buttons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Magic Buttons for Elementor, which stems from insufficient input cleanup and output escaping of user-supplied...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References3
NVD
NVD
added 2025/06/26 2:15 a.m.9 views

CVE-2025-5564

The GC Social Wall plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gcsocialwall' shortcode in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS0.00182EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.5 views

CVE-2024-12437

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00389EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:4 a.m.5 views

CVE-2024-3718

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:30 a.m.6 views

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

6.4CVSS5.8AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:37 a.m.9 views

CVE-2024-4703

The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's onepageexpresscontactform shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:35 a.m.5 views

CVE-2024-13542

The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.8AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:35 a.m.4 views

CVE-2024-13393

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhispervideos' shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:16 a.m.9 views

CVE-2024-8628

The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping o...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.6 views

CVE-2024-13527

The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.6 views

CVE-2024-11823

The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.1CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:54 a.m.5 views

CVE-2024-11780

The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.9 views

CVE-2023-5667

The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.8AI score0.00544EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.6 views

CVE-2023-5308

The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.11 views

CVE-2023-5161

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...

6.4CVSS5.8AI score0.00568EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:30 a.m.8 views

CVE-2023-5164

The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.8AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:29 a.m.10 views

CVE-2023-50453

An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public...

5.3CVSS6.8AI score0.00495EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.7 views

CVE-2023-5744

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00603EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.4 views

CVE-2023-5743

The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00544EPSS
Exploits0References1
Rows per page
Query Builder