Lucene search
K

5 matches found

CVE
CVE
added 2026/06/09 3:41 a.m.25 views

CVE-2026-8895

CVE-2026-8895 affects the WordPress plugin kk blog card up to version 1.3. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the plugin’s blog-card shortcode, caused by insufficient sanitization and output escaping of the shortcode’s href and type attributes. These values are con...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.6 views

CVE-2023-4035

The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00371EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/08/30 2:22 p.m.7 views

CVE-2023-4035 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode

The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00371EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/08/07 12:0 a.m.13 views

Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

Description The plugin does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones PoC Run the below command in the developer...

4.3CVSS4.8AI score0.00453EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2023/08/03 12:0 a.m.7 views

WordPress Simple Blog Card Plugin < 1.32 is vulnerable to Sensitive Data Exposure

Software Simple Blog Card Type Plugin Vulnerable versions 1.32 Fixed in 1.32 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e0b1d4664953 Credits N/A Required privilege Subscriber...

6.9AI score
Exploits0References2Affected Software1
Rows per page
Query Builder