11 matches found
CVE-2026-56038
Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...
CVE-2026-56008
Contributor Privilege Escalation in Fusion Builder = 3.15.4 versions...
EUVD-2026-39700
Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...
EUVD-2026-36965
Contributor Privilege Escalation in B Blocks = 2.0.31 versions...
CVE-2026-39579
Contributor Privilege Escalation in B Blocks = 2.0.31 versions...
EUVD-2026-36879
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
CVE-2022-4480
The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...
CVE-2022-4472 Simple Sitemap < 3.5.8 - Contributor+ Stored XSS
The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...
Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Exploit...
3D FlipBook < 1.13.3 - Contributor+ Stored XSS
The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. PoC 1. As an administrator,...
Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users Contributor to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit WPScanTeam: The https://wordpress.org/plugins/themify-portfolio-post/ plugin...