Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.6 views

CVE-2024-2430

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

6.5CVSS5.3AI score0.00312EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4356

Malware in sbrugna...

4CVSS6.1AI score0.01902EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-11610

Malware in sbrugna...

4.3CVSS4.7AI score0.00654EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.5 views

CVE-2024-1204

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts...

4.3CVSS6.8AI score0.00501EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.6 views

CVE-2021-24819

The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as...

4.3CVSS6.6AI score0.00783EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/04/30 6:0 a.m.26 views

CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update

The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action...

0.0029EPSS
Exploits1References1
CVE
CVE
added 2025/01/30 6:0 a.m.50 views

CVE-2024-12708

CVE-2024-12708 affects Bulk Me Now! WordPress plugin (versions up to 2.0). It reports stored XSS via shortcode attributes not properly validated/escaped before output in posts/pages. This could enable contributors and above to store and trigger XSS. Public patch status is not clearly documented i...

7.1CVSS6.3AI score0.00256EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.6 views

PT-2024-17414 · WordPress · Meta Box

Name of the Vulnerable Software and Affected Versions: Meta Box WordPress plugin versions prior to 5.9.4 Description: The issue allows users with at least the contributor role to access arbitrary custom fields assigned to other user's posts. Recommendations: For versions prior to 5.9.4, update to...

4.3CVSS9.3AI score0.00501EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2023/02/21 8:51 a.m.6 views

CVE-2023-0419 Shortcode for Font Awesome < 1.4.1 - Contributor+ Stored XSS

The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4AI score0.00534EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.11 views

CVE-2023-0095 Page View Count < 2.6.1 - Contributor+ Stored XSS

The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6AI score0.00573EPSS
Exploits2References1
Rows per page
Query Builder