Lucene search
K

15 matches found

Patchstack
Patchstack
added 2026/02/03 9:11 a.m.7 views

WordPress GS Books Showcase plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Books Showcase versions = 1.3.1...

6.4CVSS5.3AI score0.00345EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27649

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.9 views

CVE-2025-8481

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce validation on the bdfeinstallactivaterswpbsonly function. This makes it possible for unauthenticated...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 8:15 a.m.16 views

CVE-2025-8481

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce validation on the bdfeinstallactivaterswpbsonly function. This makes it possible for unauthenticated...

4.3CVSS0.00124EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.10 views

CVE-2025-8481 Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce validation on the bdfeinstallactivaterswpbsonly function. This makes it possible for unauthenticated...

4.3CVSS0.00124EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.4 views

PT-2025-37132

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce validation on the bdfe install activate rswpbs only function. This makes it possible for...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.6 views

CVE-2023-0541

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.8CVSS5.1AI score0.00608EPSS
Exploits2References1
OSV
OSV
added 2023/02/21 9:15 a.m.3 views

CVE-2023-0541

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.7AI score0.00608EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/21 8:50 a.m.22 views

CVE-2023-0541 GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00608EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/21 8:50 a.m.6 views

CVE-2023-0541 GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00608EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:50 a.m.47 views

CVE-2023-0541

GS Books Showcase WordPress plugin prior to 1.3.1 is vulnerable to Stored XSS via shortcode attributes (requires Contributor+). Patchfix: upgrade to version 1.3.1 or later, which resolves the issue per Patchstack entry for CVE-2023-0541.

6.8CVSS5.5AI score0.00608EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.3 views

WordPress plugin GS Books Showcase 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.8CVSS6.4AI score0.00608EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/01/31 12:0 a.m.13 views

WordPress GS Books Showcase Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software GS Books Showcase Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0541 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7768af0764d3 Credits István Márton...

6.8CVSS5.6AI score0.00608EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/30 12:0 a.m.13 views

GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC gsbookshowcase theme='"...

6.8CVSS5.1AI score0.00608EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/30 12:0 a.m.73 views

GS Books Showcase < 1.3.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. gsbookshowcase theme='" onmouseover="alert1...

6.8CVSS5.2AI score0.00608EPSS
Exploits2
Rows per page
Query Builder