Lucene search
K

116 matches found

CNNVD
CNNVD
added 2024/05/02 12:0 a.m.5 views

WordPress plugin Icon Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.4CVSS6.2AI score0.0042EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.8 views

PT-2024-18481 · WordPress · Icon Widget

Name of the Vulnerable Software and Affected Versions: Icon Widget plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS5.9AI score0.0042EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.5 views

WordPress plugin All-in-one Like Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

5.9CVSS6.2AI score0.00345EPSS
Exploits0References2
OSV
OSV
added 2024/03/18 7:15 p.m.5 views

CVE-2024-0711

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

6.1CVSS5.8AI score0.00413EPSS
Exploits2References1
OSV
OSV
added 2024/03/18 7:15 p.m.4 views

CVE-2024-0951

The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

4.8CVSS7.3AI score0.00379EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/02/12 5:56 a.m.44 views

CVE-2024-24930 WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...

6.5CVSS6.6AI score0.0031EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 11:15 p.m.35 views

CVE-2023-47813

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...

6.5CVSS0.00416EPSS
Exploits1References1
CVE
CVE
added 2023/11/22 10:43 p.m.74 views

CVE-2023-47813

CVE-2023-47813 relates to the WordPress plugin Better RSS Widget (

6.5CVSS6AI score0.00416EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/11/22 10:43 p.m.36 views

CVE-2023-47813 WordPress Better RSS Widget Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in grandslambert Better RSS Widget plugin = 2.8.1 versions...

6.5CVSS6.7AI score0.00416EPSS
Exploits1References1
OSV
OSV
added 2023/10/26 1:15 p.m.4 views

CVE-2023-46075

Unauth. Reflected Cross-Site Scripting XSS vulnerability in wpdevart Contact Form Builder, Contact Widget plugin = 2.1.6 versions...

6.1CVSS7.3AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2023/10/26 12:2 p.m.64 views

CVE-2023-46075

CVE-2023-46075 describes an unauthenticated, reflected Cross-Site Scripting (XSS) in the WordPress plugin set of wpdevart Contact Form Builder and Contact Widget, listed as vulnerable up to version 2.1.6 (and up to 2.1.7 per Patchstack). The vulnerability path enables injection of scriptcode that...

7.1CVSS6AI score0.00331EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/10/18 2:15 p.m.26 views

CVE-2023-45628

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in QROkes QR Twitter Widget plugin = 0.2.3 versions...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References1
Prion
Prion
added 2023/10/18 2:15 p.m.17 views

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in QROkes QR Twitter Widget plugin = 0.2.3 versions...

4.9CVSS5.2AI score0.0031EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/02 2:0 p.m.47 views

CVE-2015-10124

CVE-2015-10124 affects the WordPress plugin Most Popular Posts Widget Plugin (versions up to 0.8). The vulnerability resides in the functions.php, in add_views/show_views, enabling SQL injection that can be exploited remotely. Upgrading to version 0.9 addresses the issue (patch: a99667d11ac8d3200...

9.8CVSS8.3AI score0.00558EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.4 views

PT-2023-10301 · WordPress · Most Popular Posts Widget Plugin

Name of the Vulnerable Software and Affected Versions: Most Popular Posts Widget Plugin versions up to 0.8 Description: A critical issue has been found in the Most Popular Posts Widget Plugin, affecting the add views/show views function of the functions.php file. This issue leads to sql injection...

9.8CVSS6.7AI score0.00558EPSS
Exploits0References6
OSV
OSV
added 2023/09/20 3:15 a.m.5 views

CVE-2023-5063

The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS6AI score0.00437EPSS
Exploits0References3
CVE
CVE
added 2023/08/30 3:41 p.m.43 views

CVE-2023-24397

CVE-2023-24397 affects the WordPress plugin Reservation.Studio widget (versions

5.9CVSS5AI score0.00439EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/30 3:41 p.m.14 views

CVE-2023-24397 WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Reservation.Studio Reservation.Studio widget plugin = 1.0.11 versions...

5.9CVSS5.6AI score0.00439EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.5 views

PT-2023-19558 · Unknown · Reservation.Studio

Name of the Vulnerable Software and Affected Versions: Reservation.Studio Reservation.Studio widget plugin versions 1.0.11 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...

5.9CVSS5.3AI score0.00439EPSS
Exploits1References4
NVD
NVD
added 2023/08/08 12:15 p.m.23 views

CVE-2023-23877

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin = 2.3.1 versions...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder