Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.5 views

CVE-2024-1363

The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordioncontentsource' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.8 views

CVE-2022-4487

The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.4CVSS5.9AI score0.00534EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.10 views

CVE-2021-24576

The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an accordion...

5.4CVSS6.7AI score0.00604EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/16 3:37 p.m.7 views

CVE-2022-4487 Easy Accordion < 2.2.0 - Contributor+ Stored XSS

The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

6.1AI score0.00534EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.4 views

PT-2023-14562 · WordPress · Easy Accordion

Name of the Vulnerable Software and Affected Versions: Easy Accordion WordPress plugin versions prior to 2.2.0 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. Thi...

5.4CVSS6.2AI score0.00534EPSS
Exploits2References5
CNVD
CNVD
added 2021/10/13 12:0 a.m.19 views

WordPress Easy Accordion plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions prior to WordPress Easy Accordion plugin 2.0.22, which stems from a lack of validation and escaping of input by the software when adding ne...

5.4CVSS2AI score0.00604EPSS
Exploits2References1
Rows per page
Query Builder