Lucene search
+L

44 matches found

Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.4 views

PT-2023-14556 · WordPress · Mesmerize Companion

Name of the Vulnerable Software and Affected Versions: Mesmerize Companion WordPress plugin versions prior to 1.6.135 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as...

5.4CVSS6.2AI score0.00575EPSS
Exploits2References5
WPVulnDB
WPVulnDB
added 2022/12/20 12:0 a.m.26 views

Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Required...

5.4CVSS0.8AI score0.00575EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/20 12:0 a.m.181 views

Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...

5.4CVSS0.2AI score0.00575EPSS
Exploits2
Patchstack
Patchstack
added 2019/12/02 12:0 a.m.25 views

WordPress Mesmerize theme <=1.6.89 - Authenticated Options Update vulnerability

Authenticated Options Update vulnerability found by NinTechNet in WordPress Mesmerize theme versions =1.6.89. Solution Update the WordPress Mesmerize theme to the latest available version at least 1.6.90...

3.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder