Lucene search
K

10 matches found

Patchstack
Patchstack
added 2026/05/01 9:15 a.m.5 views

WordPress Widgets on Pages plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Widgets on Pages versions = 1.7...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.8 views

CVE-2022-4488

The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...

6.8CVSS6AI score0.00707EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.4 views

WordPress Widgets on Pages Plugin < 1.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Widgets on Pages Type Plugin Vulnerable versions 1.8.1 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1d4d2801eca1 Credits Rafie Muhammad Patchstack Require...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/02/13 3:15 p.m.6 views

CVE-2022-4488

The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...

5.4CVSS5.8AI score0.00707EPSS
Exploits2References1
CVE
CVE
added 2023/02/13 2:32 p.m.54 views

CVE-2022-4488

The CVE (CVE-2022-4488) affects the WordPress Widgets on Pages plugin older than 1.8.0. The issue is that shortcode attributes are not validated or escaped before being echoed, enabling Stored XSS that could target high-privilege admins, with any contributor-level user potentially triggering payl...

6.8CVSS5.3AI score0.00707EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.33 views

CVE-2022-4488 Widgets on Pages < 1.8.0 - Contributor+ Stored XSS

The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...

5.6AI score0.00707EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.6 views

PT-2023-14565 · WordPress · Widgets On Pages

Name of the Vulnerable Software and Affected Versions: Widgets on Pages WordPress plugin versions prior to 1.8.0 Description: The issue concerns the failure to validate and escape shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scriptin...

6.8CVSS5.2AI score0.00707EPSS
Exploits2References6
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.8 views

WordPress plugin Widgets on Pages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.8CVSS5.4AI score0.00707EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.11 views

Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS

The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC widgetsonpages...

6.8CVSS5AI score0.00707EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2023/01/17 12:0 a.m.16 views

WordPress Widgets on Pages Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software Widgets on Pages Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4488 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 86b237a22e6a Credits Lana Codes Requir...

6.8CVSS5.7AI score0.00707EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder