Lucene search
+L

127 matches found

Vulnrichment
Vulnrichment
added 2023/07/10 12:34 p.m.19 views

CVE-2023-22694 WordPress BigContact Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin = 1.5.8 versions...

4.3CVSS7.1AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2023/07/10 12:34 p.m.36 views

CVE-2023-22694

CVE-2023-22694 is a CSRF vulnerability in the WordPress BigContact Contact Page plugin versions ≤ 1.5.8. Public sources describe unauthenticated CSRF impacting plugin settings updates; the patch status in the provided documents indicates the issue remains unpatched for BigContact ≤ 1.5.8, with pa...

8.8CVSS6.5AI score0.00321EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/10 10:40 a.m.12 views

CVE-2023-24395 WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin = 1.0.3 versions...

5.4CVSS7.1AI score0.00312EPSS
Exploits0References1
CVE
CVE
added 2023/07/10 10:40 a.m.38 views

CVE-2023-24395

CVE-2023-24395 affects the WordPress plugin “Scott Paterson Contact Form 7 Redirect & Thank You Page” (≤ 1.0.3). The vulnerability is Cross-Site Request Forgery (CSRF) that could enable unauthorized actions on behalf of an authenticated user. Public sources indicate the issue has been fixed in ve...

8.8CVSS7.1AI score0.00312EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/10 9:31 a.m.33 views

CVE-2015-10119

CVE-2015-10119 affects the WordPress View All Posts Page Plugin up to version 0.9.0. The issue resides in the action_admin_notices_activation function and enables cross-site scripting, with remote initiation possible. A fix is available in version 0.9.1; apply upgrade to address the vulnerability...

6.1CVSS4.5AI score0.00594EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/10 9:31 a.m.19 views

CVE-2015-10119 View All Posts Page Plugin view-all-posts-pages.php action_admin_notices_activation cross site scripting

A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function actionadminnoticesactivation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...

4CVSS6.1AI score0.00594EPSS
Exploits0References3
CVE
CVE
added 2023/05/11 2:31 p.m.45 views

CVE-2023-22720

CVE-2023-22720 affects the WordPress plugin WP Links Page by Robert Macchi. Versions ≤ 4.9.3 are vulnerable to a Stored XSS due to inadequate input handling. The vulnerability impact is described in the CVE as cross-site scripting, with a PatchSTACK entry noting the fix in version 4.9.4 . No expl...

6.5CVSS5.5AI score0.0037EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/11 12:0 a.m.5 views

WordPress plugin WP Links Page 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS6.5AI score0.0037EPSS
Exploits0References2
NVD
NVD
added 2023/04/07 10:15 a.m.31 views

CVE-2023-24398

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Snap Creek Software EZP Coming Soon Page plugin = 1.0.7.3 versions...

5.9CVSS5.4AI score0.00394EPSS
Exploits0References1
CVE
CVE
added 2023/04/07 9:20 a.m.46 views

CVE-2023-24398

CVE-2023-24398 affects the WordPress EZP Coming Soon Page plugin prior to version 1.0.7.4 (&lt;=1.0.7.3). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) in the plugin. Root cause: stored XSS under admin privileges, allowing injection that could affect site visito...

5.9CVSS4.9AI score0.00394EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/02/21 9:15 a.m.13 views

CVE-2022-4754

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:51 a.m.58 views

CVE-2022-4754

CVE-2022-4754 affects the WordPress plugin Easy Social Box / Page Plugin (

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/13 12:0 a.m.7 views

WordPress plugin Social Like Box and Page by WpDevArt 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00477EPSS
Exploits2References2
OSV
OSV
added 2023/01/23 3:15 p.m.3 views

CVE-2022-4675

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
Prion
Prion
added 2023/01/23 3:15 p.m.14 views

Cross site scripting

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

4.9CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.4 views

CVE-2022-4675 Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

6.1AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/01/23 2:31 p.m.59 views

CVE-2022-4675

The CVE-2022-4675 entry concerns the WordPress plugin The Mongoose Page Plugin, prior to version 1.9.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation and escaping of a shortcode attribute, enabling users with as little as Contributor role to injec...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.32 views

CVE-2022-4675 Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00471EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/01/23 12:0 a.m.11 views

PT-2023-15011 · WordPress · Mongoose Page Plugin

Name of the Vulnerable Software and Affected Versions: Mongoose Page Plugin WordPress plugin versions prior to 1.9.0 Description: The issue concerns a lack of validation and escaping of one of the shortcode attributes in the Mongoose Page Plugin, potentially allowing users with a role as low as...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.31 views

Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...

5.4CVSS4.1AI score0.00471EPSS
Exploits2Affected Software1
Rows per page
Query Builder