Lucene search
K

3484 matches found

Cvelist
Cvelist
added 2024/02/27 8:30 a.m.23 views

CVE-2023-7115 PageLayer < 1.8.1 - Admin+ Stored XSS

The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00402EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.18 views

Chat Bubble <= 2.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.00398EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.16 views

Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC When creating a new widget, insert...

5.3AI score0.00416EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/21 12:0 a.m.19 views

YARPP < 5.30.10 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.4CVSS5.4AI score0.00516EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/21 12:0 a.m.22 views

Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Create a new Facebook like...

7.2AI score0.00396EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/20 12:0 a.m.15 views

Password Protected < 2.6.7 - Admin+ Stored XSS

Description The plugin does not sanitise and escape its Google Captcha Site Key settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.5 views

PT-2024-15723 · WordPress · The Password Protected – Ultimate Plugin To Password Protect Your Wordpress Content With Ease

Name of the Vulnerable Software and Affected Versions: The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress versions up to, and including, 2.6.6 Description: The issue is related to Stored Cross-Site Scripting via the Google Captcha Si...

4.8CVSS5AI score0.00339EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.8 views

PT-2024-15681 · WordPress · Yarpp

Name of the Vulnerable Software and Affected Versions: YARPP – Yet Another Related Posts Plugin versions up to, and including, 5.30.9 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.4CVSS5AI score0.00516EPSS
Exploits1References6
WPVulnDB
WPVulnDB
added 2024/02/13 12:0 a.m.30 views

Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

5.1AI score0.00497EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/02/12 4:15 p.m.13 views

CVE-2023-6081

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.3AI score0.0039EPSS
Exploits2References2
OSV
OSV
added 2024/02/12 4:15 p.m.3 views

CVE-2023-6294

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...

7.2CVSS5.8AI score0.00812EPSS
Exploits2References1
OSV
OSV
added 2024/02/12 4:15 p.m.2 views

CVE-2023-6082

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS7.3AI score
Exploits0References2
OSV
OSV
added 2024/02/12 4:15 p.m.4 views

CVE-2023-7233

The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00456EPSS
Exploits2References1
OSV
OSV
added 2024/02/12 4:15 p.m.3 views

CVE-2023-6081

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4CVSS5.8AI score0.0039EPSS
Exploits2References2
NVD
NVD
added 2024/02/12 4:15 p.m.25 views

CVE-2023-7233

The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.4AI score0.00456EPSS
Exploits2References1
NVD
NVD
added 2024/02/12 4:15 p.m.18 views

CVE-2023-6294

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...

7.5CVSS6.3AI score0.00812EPSS
Exploits2References1
Prion
Prion
added 2024/02/12 4:15 p.m.24 views

Server side request forgery (ssrf)

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...

7AI score0.00812EPSS
Exploits2References1
Prion
Prion
added 2024/02/12 4:15 p.m.19 views

Cross site scripting

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.0039EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/02/12 4:7 p.m.21 views

CVE-2023-6081 Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart

The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.5AI score0.0039EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/02/12 4:6 p.m.24 views

CVE-2023-6294 popup-builder < 4.2.6 - Admin+ SSRF & File Read

The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations...

6.7AI score0.00812EPSS
Exploits2References1
Rows per page
Query Builder