Lucene search
K

11 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-56038

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.4 views

CVE-2026-56008

Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...

8.8CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39700

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36965

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39579

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.7 views

EUVD-2026-36879

Contributor Privilege Escalation in LatePoint = 5.5.1 versions...

7.5CVSS5.2AI score0.00287EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:21 p.m.5 views

CVE-2022-4480

The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.4CVSS5.5AI score0.00534EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/30 8:31 p.m.28 views

CVE-2022-4472 Simple Sitemap < 3.5.8 - Contributor+ Stored XSS

The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.5AI score0.00519EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/12/28 12:0 a.m.18 views

Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Exploit...

5.4CVSS1.7AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/22 12:0 a.m.26 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. PoC 1. As an administrator,...

6.1CVSS2AI score0.00534EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/19 12:0 a.m.47 views

Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users Contributor to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit WPScanTeam: The https://wordpress.org/plugins/themify-portfolio-post/ plugin...

1.2AI score0.00687EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder