Lucene search
+L

142 matches found

osv
osv
added 2023/05/15 1:15 p.m.6 views

CVE-2023-1915

The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...

6.1CVSS7.3AI score0.00477EPSS
Exploits2References1
osv
osv
added 2023/04/24 7:15 p.m.5 views

CVE-2023-1420

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such...

6.1CVSS6.8AI score0.00493EPSS
Exploits2References1
ptsecurity
ptsecurity
added 2023/04/17 12:0 a.m.8 views

PT-2023-16859 · WordPress · Drag/Drop Multiple File Upload Pro - Contact Form 7 Standard +1

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin versions prior to 2.11.1 Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin versions prior to 5.0.6.4...

6.1CVSS6AI score0.00542EPSS
Exploits3References7
osv
osv
added 2023/02/27 4:15 p.m.4 views

CVE-2022-4829

The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

5.4CVSS5.8AI score0.0049EPSS
Exploits2References1
susecve
susecve
added 2023/02/15 4:22 a.m.2 views

SUSE CVE-2018-19141

Open Ticket Request System OTRS 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled...

4.8CVSS4.8AI score0.00673EPSS
Exploits0References4
osv
osv
added 2023/02/13 3:15 p.m.8 views

CVE-2022-4562

The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

5.4CVSS5.8AI score0.0054EPSS
Exploits2References1
osv
osv
added 2023/02/13 3:15 p.m.5 views

CVE-2022-4473

The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.0054EPSS
Exploits2References1
osv
osv
added 2023/02/13 3:15 p.m.4 views

CVE-2022-4458

The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.4CVSS5.8AI score0.00477EPSS
Exploits2References1
osv
osv
added 2023/02/06 8:15 p.m.5 views

CVE-2022-4459

The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.4CVSS5.8AI score
Exploits0References1
osv
osv
added 2023/01/30 9:15 p.m.6 views

CVE-2022-4837

The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
osv
osv
added 2023/01/30 9:15 p.m.4 views

CVE-2022-4472

The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.4CVSS5.8AI score0.00519EPSS
Exploits2References1
osv
osv
added 2023/01/23 3:15 p.m.3 views

CVE-2022-4832

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
osv
osv
added 2023/01/23 3:15 p.m.5 views

CVE-2022-4718

The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
osv
osv
added 2023/01/23 3:15 p.m.5 views

CVE-2022-4775

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
osv
osv
added 2023/01/23 3:15 p.m.6 views

CVE-2022-4668

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
osv
osv
added 2023/01/23 3:15 p.m.5 views

CVE-2022-4672

The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
osv
osv
added 2023/01/23 3:15 p.m.4 views

CVE-2022-4629

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
osv
osv
added 2023/01/16 4:15 p.m.4 views

CVE-2022-4571

The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used agains...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
osv
osv
added 2023/01/16 4:15 p.m.4 views

CVE-2022-4480

The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
osv
osv
added 2023/01/16 4:15 p.m.4 views

CVE-2022-4484

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00471EPSS
Exploits1References1
Rows per page
Query Builder