Lucene search
K

44 matches found

CNNVD
CNNVD
added 2023/02/13 12:0 a.m.7 views

WordPress plugin YaMaps for WordPress Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00477EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.28 views

YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC yamap height='100px;"...

5.4CVSS5AI score0.00477EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/17 12:0 a.m.429 views

YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. yamap height='100px;" onmouseover="alert1"'...

5.4CVSS5.2AI score0.00477EPSS
Exploits2
Patchstack
Patchstack
added 2023/01/17 12:0 a.m.15 views

WordPress YaMaps for WordPress Plugin < 0.6.26 is vulnerable to Cross Site Scripting (XSS)

Software YaMaps for WordPress Type Plugin Vulnerable versions 0.6.26 Fixed in 0.6.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0270 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3732d4ef7860 Credits Lana Codes...

5.4CVSS5.8AI score0.00477EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder