Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.10 views

CVE-2024-2369

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00446EPSS
Exploits2References1
NVD
NVD
added 2024/12/16 6:15 a.m.24 views

CVE-2024-11841

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00291EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/21 8:50 a.m.6 views

CVE-2023-0366 Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8AI score0.00534EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.6 views

CVE-2023-0178 Annual Archive < 1.6.0 - Contributor+ Stored XSS

The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6AI score0.00573EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/30 8:31 p.m.7 views

CVE-2023-0071 WP Tabs < 2.1.17 - Contributor+ Stored XSS

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00534EPSS
Exploits2References1
Rows per page
Query Builder