Lucene search
+L

42 matches found

nvd
nvd
added 2026/07/02 6:16 a.m.12 views

CVE-2026-10089

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS0.00217EPSS
Exploits0References8
cve
cve
added 2026/07/02 5:35 a.m.20 views

CVE-2026-10089

CVE-2026-10089 concerns the WordPress plugin Insert Pages (versions up to 3.11.4). It describes a Stored XSS where the meta field key (not the value) is interpolated into rendered HTML without escaping when rendering a page via the [insert page] shortcode. The underlying cause is insufficient esc...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References8
euvd
euvd
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41249

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/07/02 5:35 a.m.7 views

CVE-2026-10089

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS5.9AI score0.00217EPSS
Exploits0References9
cvelist
cvelist
added 2026/07/02 5:35 a.m.40 views

CVE-2026-10089 Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)

The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...

6.4CVSS0.00217EPSS
Exploits0References8
patchstack
patchstack
added 2026/07/01 5:21 p.m.5 views

WordPress Insert Pages plugin <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Insert Pages versions = 3.11.4...

6.4CVSS5.8AI score0.00217EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11762

Malware in sbrugna...

5.4CVSS5.5AI score0.00604EPSS
Exploits2References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-9702

Malware in sbrugna...

9.1CVSS9.3AI score0.02503EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 12:34 a.m.16 views

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.9AI score0.00534EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/22 7:23 p.m.7 views

CVE-2021-24850

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

5.4CVSS6.1AI score0.00604EPSS
Exploits2References1
cnnvd
cnnvd
added 2024/07/02 12:0 a.m.7 views

WordPress plugin Cost Calculator Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.5AI score0.00385EPSS
Exploits0References4
osv
osv
added 2023/01/16 4:15 p.m.7 views

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
nvd
nvd
added 2023/01/16 4:15 p.m.12 views

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.3AI score0.00534EPSS
Exploits2References1
cve
cve
added 2023/01/16 3:38 p.m.86 views

CVE-2022-4483

The CVE-2022-4483 entry concerns the Insert Pages WordPress plugin prior to version 3.7.5. The root cause is that the plugin does not validate and escape certain shortcode attributes before output, enabling Stored XSS by users with as low as contributor privileges against high‑privilege admins. A...

5.4CVSS5.3AI score0.00534EPSS
Exploits2References1Affected Software1
vulnrichment
vulnrichment
added 2023/01/16 3:38 p.m.11 views

CVE-2022-4483 Insert Pages < 3.7.5 - Contributor+ Stored XSS

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.5AI score0.00534EPSS
Exploits2References1
cvelist
cvelist
added 2023/01/16 3:38 p.m.19 views

CVE-2022-4483 Insert Pages < 3.7.5 - Contributor+ Stored XSS

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.5AI score0.00534EPSS
Exploits2References1
cnnvd
cnnvd
added 2023/01/16 12:0 a.m.8 views

WordPress plugin Insert Pages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00534EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2023/01/16 12:0 a.m.21 views

PT-2023-14558 · WordPress · Insert Pages

Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.5 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. This ...

5.4CVSS6.2AI score0.00534EPSS
Exploits2References6
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.864 views

Insert Pages < 3.7.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit: inse...

5.4CVSS0.9AI score0.00534EPSS
Exploits2
cnvd
cnvd
added 2021/11/21 12:0 a.m.21 views

WordPress Insert Pages License Issue Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...

4.3CVSS4.7AI score0.00913EPSS
Exploits2References1
Rows per page
Query Builder