Lucene search
K

90 matches found

WPVulnDB
WPVulnDB
added 2023/11/06 12:0 a.m.11 views

Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in amin open...

6.1CVSS6.2AI score0.00444EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/20 12:0 a.m.19 views

Bulk NoIndex & NoFollow Toolkit < 1.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6.1AI score0.00331EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2023/09/11 7:46 p.m.23 views

CVE-2023-2705 Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin...

6.3AI score0.00396EPSS
Exploits2References1
NVD
NVD
added 2023/08/30 3:15 p.m.22 views

CVE-2023-3992

The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00427EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/08/21 12:29 p.m.27 views

CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.00396EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/08/16 11:3 a.m.27 views

CVE-2023-2123 WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.4AI score0.01161EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.8 views

PT-2023-18015 · WordPress · Wp Inventory Manager

Name of the Vulnerable Software and Affected Versions: WP Inventory Manager versions prior to 2.1.0.13 Description: The issue is related to a Reflected Cross-Site Scripting problem. The WP Inventory Manager WordPress plugin does not properly sanitise and escape a parameter before outputting it ba...

6.1CVSS6.3AI score0.01161EPSS
Exploits3References8
WPVulnDB
WPVulnDB
added 2023/08/09 12:0 a.m.31 views

eaSYNC <= 1.3.8 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00331EPSS
Exploits0
Prion
Prion
added 2023/07/24 11:15 a.m.18 views

Sql injection

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...

5.8CVSS7.1AI score0.00717EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/07/17 2:15 p.m.17 views

Cross site scripting

The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8CVSS6AI score0.0042EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/07/17 2:15 p.m.23 views

Sql injection

The ANGradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

6.5CVSS8.9AI score0.0464EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2023/07/10 4:15 p.m.18 views

CVE-2023-3118

The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00471EPSS
Exploits1References1
Prion
Prion
added 2023/06/27 2:15 p.m.23 views

Sql injection

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

5.8CVSS7.1AI score0.0085EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/15 12:0 a.m.13 views

NextGen GalleryView <= 0.5.5 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00387EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/15 12:0 a.m.5 views

PT-2023-17105 · Tagdiv · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer WordPress plugin versions prior to 4.0 Description: The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users, such as admin. This occurs because a parameter is not properly...

6.1CVSS6.4AI score0.00506EPSS
Exploits2References5
Cvelist
Cvelist
added 2023/04/17 12:17 p.m.25 views

CVE-2023-1473 Responsive WordPress Slideshows 3.29.0 - Reflected XSS

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00458EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/03/21 12:0 a.m.14 views

Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. PoC Visit the following path on the site as an admin user:...

6.1CVSS5.7AI score0.00542EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/10 12:0 a.m.18 views

GiveWP < 2.25.2 - Author+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...

6.1AI score0.00423EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/02 12:0 a.m.18 views

Easy Testimonial Slider and Form < 1.0.16 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/02/27 4:15 p.m.21 views

Sql injection

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

5.8CVSS7.1AI score0.00764EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder