Lucene search
K

174 matches found

WPVulnDB
WPVulnDB
added 2023/09/18 12:0 a.m.11 views

breadcrumb simple <= 1.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00442EPSS
Exploits1
NVD
NVD
added 2023/08/30 4:15 p.m.11 views

CVE-2023-35092

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...

5.9CVSS5.4AI score0.00442EPSS
Exploits1References1
OSV
OSV
added 2023/08/30 4:15 p.m.5 views

CVE-2023-35092

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...

4.8CVSS7.3AI score0.00442EPSS
Exploits1References1
Prion
Prion
added 2023/08/30 4:15 p.m.11 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...

4.3CVSS4.8AI score0.00442EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/08/30 3:19 p.m.16 views

CVE-2023-35092 WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...

5.9CVSS5.5AI score0.00442EPSS
Exploits1References1
CVE
CVE
added 2023/08/30 3:19 p.m.42 views

CVE-2023-35092

CVE-2023-35092 covers a stored XSS vulnerability in the WordPress breadcrumb-simple plugin up to version 1.3. The issue affects authenticated administrators (admin+) and can be triggered by malicious input stored by the plugin. Root cause is a stored XSS condition in the breadcrumb-simple plugin ...

5.9CVSS5AI score0.00442EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.7 views

WordPress plugin breadcrumb-simple 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.1AI score0.00442EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.5 views

PT-2023-25141 · Unknown · Abhay Yadav Breadcrumb Simple Plugin

Name of the Vulnerable Software and Affected Versions: Abhay Yadav Breadcrumb simple plugin versions 1.3 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated administrators. This vulnerability allows an attacker to inject...

5.9CVSS5.1AI score0.00442EPSS
Exploits1References4
Patchstack
Patchstack
added 2023/06/15 12:0 a.m.12 views

WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software breadcrumb simple Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35092 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 50a5e1d60df5 Credits Rio Darmawan Required...

5.9CVSS5.7AI score0.00442EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/02/06 8:15 p.m.5 views

CVE-2022-4836

The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.8AI score0.00588EPSS
Exploits2References1
Prion
Prion
added 2023/02/06 8:15 p.m.21 views

Cross site scripting

The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

4.9CVSS5.3AI score0.00588EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.9 views

CVE-2022-4836 Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode

The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

6.1AI score0.00588EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.66 views

CVE-2022-4836

CVE-2022-4836 affects the Breadcrumb WordPress plugin prior to version 1.5.33. The vulnerability arises from not validating/escaping certain shortcode attributes before output, enabling Stored XSS where a low-privilege user (contributor) could compromise high-privilege users (admins). Public sour...

5.4CVSS5.3AI score0.00588EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/06 7:59 p.m.32 views

CVE-2022-4836 Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode

The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.5AI score0.00588EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.5 views

WordPress plugin Breadcrumb 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00588EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/01/11 12:0 a.m.17 views

WordPress Breadcrumb Plugin < 1.5.33 is vulnerable to Cross Site Scripting (XSS)

Software Breadcrumb Type Plugin Vulnerable versions 1.5.33 Fixed in 1.5.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4836 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 68e0f577b655 Credits Lana Codes Required...

5.4CVSS5.9AI score0.00588EPSS
Exploits2References4Affected Software1
wpexploit
wpexploit
added 2023/01/11 12:0 a.m.175 views

Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1.2AI score0.00588EPSS
Exploits2
OSV
OSV
added 2022/07/17 11:15 a.m.6 views

CVE-2022-2149

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00493EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/07/17 11:15 a.m.2 views

CVE-2022-2149

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00493EPSS
Exploits2References2
Prion
Prion
added 2022/07/17 11:15 a.m.16 views

Cross site scripting

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00493EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder