Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.6 views

CVE-2023-0442

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL...

6.1CVSS6.3AI score0.00486EPSS
Exploits2References1
NVD
NVD
added 2023/02/21 9:15 a.m.16 views

CVE-2023-0442

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL...

6.1CVSS6.1AI score0.00486EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/21 8:51 a.m.5 views

CVE-2023-0442 Loan Comparison < 1.5.2 - Reflected XSS via shortcode

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL...

6AI score0.00486EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:51 a.m.53 views

CVE-2023-0442

CVE-2023-0442 affects the WordPress plugin Loan Comparison up to version 1.5.2 (pre-1.5.3). Root cause: the plugin does not validate and escape certain query parameters before echoing them in pages/posts via the embedded shortcode, enabling reflected XSS through a crafted URL. Impact: attacker co...

6.1CVSS6.1AI score0.00486EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/01/25 12:0 a.m.7 views

WordPress Loan Comparison Plugin < 1.5.3 is vulnerable to Cross Site Scripting (XSS)

Software Loan Comparison Type Plugin Vulnerable versions 1.5.3 Fixed in 1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0442 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 65853d90a7ed Credits Harald Eilertsen Require...

6.1CVSS5.9AI score0.00486EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder