Lucene search
K

913 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:12 p.m.18 views

CVE-2022-3823

The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.6AI score0.00459EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 p.m.9 views

CVE-2022-2763

The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00591EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 p.m.6 views

CVE-2022-1945

The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfilteredhtml is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00557EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:15 p.m.9 views

CVE-2022-1995

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup...

4.8CVSS6.2AI score0.00548EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.7 views

CVE-2022-3833

The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.6AI score0.00501EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.7 views

CVE-2022-3128

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00548EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:55 p.m.10 views

CVE-2022-2340

The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00608EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:43 a.m.14 views

CVE-2025-2560

The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00214EPSS
Exploits1References1
OSV
OSV
added 2025/05/19 6:15 a.m.5 views

CVE-2025-2560

The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.19 views

CVE-2023-5529

The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00318EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.7 views

CVE-2025-1454

The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.7AI score0.00209EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.10 views

CVE-2025-0329

The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00219EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.11 views

CVE-2025-1033

The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00231EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.6 views

CVE-2024-7759

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.8 views

CVE-2024-12808

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.19 views

CVE-2024-12770

The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00315EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.8 views

CVE-2024-12680

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.8 views

CVE-2024-10639

The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.11 views

CVE-2024-10145

The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:2 p.m.16 views

CVE-2024-9236

The Team WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
Rows per page
Query Builder