
116 matches found

OSV
added 2023/01/30 9:15 p.m., 4 views

CVE-2022-4763

The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVSS 5.4, AI score 5.8, EPSS 0.00471
Exploits 2, References 1
Patchstack
added 2023/01/19 12:00 a.m., 14 views

WordPress Amr Shortcode Any Widget Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software: Amr Shortcode Any Widget. Type: Plugin. Vulnerable versions: <= 4.0. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2022-4458. Patch priority: Medium. CVSS severity: Medium 6.5. Developer: Claim ownership. PSID: 612057d81855. Credits: Lana Codes...

CVSS 5.4, AI score 5.9, EPSS 0.00477
Exploits 2, References 3, Affected Software 1
CNVD
added 2022/06/01 12:00 a.m., 14 views

WordPress Birthdays Widget plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Birthdays Widget plugin version 1.7.18 and earlier is vulnerable to a cross-site scripting...

CVSS 4.8, AI score 1.7, EPSS 0.00565
Exploits 2, References 1
BDU FSTEC
added 2022/04/01 12:00 a.m., 9 views

The vulnerability of the Widget plugin and the Undo feature of the CKEditor WYSIWYG editor allows attackers to compromise data integrity.

The vulnerability of the Widget plugin and the Undo feature of the CKEditor WYSIWYG editor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

CVSS 5.4, AI score 6.4, EPSS 0.01192
Exploits 0, References 5, Affected Software 2
wpexploit
added 2021/10/11 12:00 a.m., 767 views

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

The plugin allows high-privilege users to execute arbitrary PHP code in a hardened environment, i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true, via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. The vendor was notified in July 2021; the issue was...

CVSS 7.2, AI score 1.3, EPSS 0.01514
Exploits 2
Patchstack
added 2021/09/20 12:00 a.m., 14 views

WordPress Social Gallery and Widget plugin <= 2.2.5 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Social Gallery and Widget plugin versions <= 2.2.5. Solution: Update the WordPress Social Gallery and Widget plugin to the latest available version (at least 2.3)...

CVSS 5.7, AI score 3.6, EPSS 0.00408
Exploits 2, References 3, Affected Software 1
NVD
added 2021/08/26 2:15 a.m., 11 views

CVE-2021-20814

Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote...

CVSS 6.1, EPSS 0.00904
Exploits 0, References 2
OSV
added 2021/08/26 2:15 a.m., 3 views

CVE-2021-20814

Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote...

CVSS 6.1, AI score 6.5
Exploits 0, References 2
Prion
added 2021/08/26 2:15 a.m., 18 views

Cross site scripting

Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote...

CVSS 4.3, AI score 6, EPSS 0.00904
Exploits 0, References 2, Affected Software 1
CVE
added 2021/08/26 1:20 a.m., 57 views

CVE-2021-20814

CVE-2021-20814 is a Cross-site scripting vulnerability in Movable Type’s ContentType Information Widget Plugin “Setting” screen. The issue affects Movable Type 7 (r.4903 and earlier), Movable Type Advanced 7 (r.4903 and earlier), and Movable Type Premium 1.44 and earlier, where an attacker can in...

CVSS 6.1, AI score 6, EPSS 0.00904
Exploits 0, References 2, Affected Software 1
RubySec
added 2021/08/23 12:00 a.m., 6 views

Widget feature vulnerability allowing execution of JavaScript code using undo functionality

Affected packages: The vulnerability has been discovered in the Widget plugin if used alongside the Undo feature. Impact: A potential vulnerability has been discovered in the CKEditor 4 Widget package. The vulnerability allowed abuse of the undo functionality using malformed widget HTML, which could result in...

CVSS 7.6, AI score 7, EPSS 0.01192
Exploits 0, References 1, Affected Software 1
NVD
added 2021/08/12 5:15 p.m., 17 views

CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 7.6, EPSS 0.01192
Exploits 0, References 7
OSV
added 2021/08/12 5:15 p.m., 31 views

CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 5.4, AI score 6.2
Exploits 0, References 7
Prion
added 2021/08/12 5:15 p.m., 28 views

Spoofing

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 3.5, AI score 5.7, EPSS 0.01192
Exploits 0, References 7, Affected Software 13
Cvelist
added 2021/08/12 4:25 p.m., 78 views

CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 7.6, AI score 6.8, EPSS 0.01192
Exploits 0, References 7
Exploit DB
added 2021/02/01 12:00 a.m., 183 views

MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting

Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
Date: 11/28/2018
Author: 0xB9
Software Link: https://github.com/zainali99/trends-widget
Version: 1.2
Tested on: Windows 10
1. Description: This plugin shows the most trending threads. Trending thread titles aren't sanitized to...

AI score 7.4
Exploits 0
NVD
added 2020/08/26 1:15 p.m., 25 views

CVE-2020-24314

Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...

CVSS 6.1, AI score 6, EPSS 0.00866
Exploits 2, References 2
Prion
added 2020/08/26 1:15 p.m., 22 views

Cross site scripting

Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...

CVSS 4.3, AI score 6, EPSS 0.00866
Exploits 2, References 2, Affected Software 1
Cvelist
added 2020/08/26 12:59 p.m., 26 views

CVE-2020-24314

Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...

AI score 6.1, EPSS 0.00866
Exploits 2, References 2
CVE
added 2020/08/26 12:59 p.m., 45 views

CVE-2020-24314

Affected software: Fahad Mahmood RSS Feed Widget Plugin for WordPress, v2.7.9 and earlier. Vulnerability: Reflected XSS via the GET parameter "t" that is echoed into an input tag without sanitization. Impact: Attackers can craft a URL to trigger XSS (no exploitation details beyond this). Exploita...

CVSS 6.1, AI score 6, EPSS 0.00866
Exploits 2, References 2, Affected Software 1