Lucene search
K

11 matches found

Cvelist
Cvelist
added 2024/10/30 2:4 a.m.25 views

CVE-2024-9886 WP Baidu Map <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidumap' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/12 6:51 a.m.10 views

CVE-2024-9704 Social Sharing (by Danny) <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Social Sharing by Danny plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvksocialsharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

6.4CVSS5.8AI score0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/26 6:0 a.m.12 views

CVE-2024-6879 Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS

The Quiz and Survey Master QSM WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting XSS attacks...

5.7AI score0.00411EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/17 5:0 a.m.12 views

CVE-2024-1219 Easy Social Feed < 6.5.6 - Contributor+ Stored XSS

The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.2AI score0.00303EPSS
Exploits2References1
NVD
NVD
added 2024/03/31 7:15 p.m.12 views

CVE-2024-31121

Contributor Cross Site Scripting XSS in HeartThis = 0.1.0 versions...

6.5CVSS6.2AI score0.0034EPSS
Exploits0References1
CVE
CVE
added 2024/03/31 6:46 p.m.60 views

CVE-2024-31121

CVE-2024-31121 is a Cross-Site Scripting (XSS) vulnerability in the HeartThis WordPress plugin, affecting version

6.5CVSS6.4AI score0.0034EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/27 1:17 p.m.11 views

CVE-2022-4115 Editorial Calendar < 3.8.3 - Contributor+ Stored XSS

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users...

5.7AI score0.00444EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.29 views

CVE-2022-4832 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.5AI score0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/16 3:38 p.m.21 views

CVE-2022-4484 Super Socializer < 7.13.44 - Contributor+ Stored XSS

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00471EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/11/09 12:0 a.m.23 views

Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks PoC As a contributor, create a custom field in a post, with the following payload: Then add the following shortcode to the...

5.4CVSS5.1AI score0.00684EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/01 12:0 a.m.19 views

GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. PoC Add the following code in a post/page while in code editor mode with an Contributor account: Then view/previe...

5.4CVSS5.2AI score0.00604EPSS
Exploits2Affected Software1
Rows per page
Query Builder