CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-9702

Malware in sbrugna...

9.1CVSS9.3AI score0.00524EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 12:34 a.m.•12 views

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.9AI score0.00252EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 7:23 p.m.•2 views

CVE-2021-24850

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

5.4CVSS6.1AI score0.0018EPSS

Exploits2References1

Vulnrichment•added 2023/01/16 3:38 p.m.•7 views

CVE-2022-4483 Insert Pages < 3.7.5 - Contributor+ Stored XSS

5.5AI score0.00252EPSS

Exploits2References1

Positive Technologies•added 2023/01/16 12:0 a.m.•4 views

PT-2023-14558 · WordPress · Insert Pages

Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.5 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. This ...

5.4CVSS6.2AI score0.00252EPSS

Exploits2References6

OSV•added 2021/11/17 11:15 a.m.•1 views

CVE-2021-24851

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...

4.3CVSS5.9AI score

Exploits0References2

CNNVD•added 2021/11/17 12:0 a.m.•3 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...

5.4CVSS5.2AI score0.0018EPSS

Exploits2References2

CNNVD•added 2021/11/17 12:0 a.m.•1 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...

4.3CVSS5.9AI score0.00186EPSS

Exploits2References3