Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.8 views

CVE-2023-0267

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.4CVSS5.8AI score0.00444EPSS
Exploits2References1
NVD
NVD
added 2023/05/08 2:15 p.m.20 views

CVE-2023-0267

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.4CVSS5.3AI score0.00444EPSS
Exploits2References1
CVE
CVE
added 2023/05/08 1:58 p.m.64 views

CVE-2023-0267

CVE-2023-0267 affects The Ultimate Carousel For WPBakery Page Builder WordPress plugin up to version 2.6. It stems from not validating/escaping certain shortcode attributes before they are output in a page/post, enabling Stored Cross-Site Scripting for users with the contributor role or higher. P...

5.4CVSS5.5AI score0.00444EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/05/08 1:58 p.m.25 views

CVE-2023-0267 Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.5AI score0.00444EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/05/08 1:58 p.m.7 views

CVE-2023-0267 Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.3AI score0.00444EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/04/25 12:0 a.m.16 views

WordPress Ultimate Carousel For WPBakery Page Builder Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Carousel For WPBakery Page Builder Type Plugin Vulnerable versions = 2.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0267 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8fe712db2127...

5.4CVSS5.9AI score0.00444EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder