Lucene search
K

51 matches found

Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.6 views

PT-2024-29106 · WordPress · Tabellen Von Faustball.Com

Name of the Vulnerable Software and Affected Versions: The Tabellen von faustball.com plugin for WordPress versions up to, and including, 2.0.4 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allo...

4.4CVSS5.8AI score0.00406EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.4 views

PT-2024-15931 · WordPress · The Advanced Social Feeds Widget & Shortcode

Name of the Vulnerable Software and Affected Versions: The Advanced Social Feeds Widget & Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admin...

4.8CVSS8.2AI score0.00379EPSS
Exploits2References5
OSV
OSV
added 2023/11/22 4:15 p.m.7 views

CVE-2023-5715

The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.8CVSS5.9AI score0.00495EPSS
Exploits0References3
OSV
OSV
added 2023/10/31 2:15 p.m.8 views

CVE-2023-5243

The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00379EPSS
Exploits2References1
OSV
OSV
added 2023/07/10 4:15 p.m.3 views

CVE-2023-2709

The ANGradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00542EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.5 views

PT-2023-20616 · WordPress · Get Your Number Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Get your number WordPress plugin versions 1.1.3 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

4.8CVSS7.9AI score0.00539EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2023/01/02 12:0 a.m.3 views

PT-2023-14051 · WordPress · Social Sharing

Name of the Vulnerable Software and Affected Versions: WP Social Sharing WordPress plugin versions through 2.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...

9.8CVSS6.2AI score0.01854EPSS
Exploits11References17
OSV
OSV
added 2021/10/19 3:15 p.m.4 views

CVE-2021-39355

The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject...

4.8CVSS5.8AI score0.00957EPSS
Exploits1References3
OSV
OSV
added 2021/10/15 1:15 p.m.6 views

CVE-2021-39336

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to a...

4.8CVSS5.8AI score0.0088EPSS
Exploits1References3
OSV
OSV
added 2021/10/15 1:15 p.m.5 views

CVE-2021-39335

The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to...

4.8CVSS5.8AI score0.0088EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/10/15 12:0 a.m.3 views

PT-2021-22538

Name of the Vulnerable Software and Affected Versions: Business Manager WordPress plugin versions up to and including 1.4.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input validation and sanitization throughout the plugin. This allows attackers with...

5.5CVSS5.5AI score0.00508EPSS
Exploits0References4
Rows per page
Query Builder