Lucene search
K

90 matches found

WPVulnDB
WPVulnDB
added 2023/02/27 12:0 a.m.13 views

Darcie < 1.1.6 - Reflected XSS

The theme does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.8AI score0.00382EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/02/13 3:15 p.m.16 views

Sql injection

The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

6.5CVSS8.9AI score0.00919EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/02/13 3:15 p.m.19 views

Sql injection

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

6.5CVSS8.9AI score0.00919EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/08 12:0 a.m.13 views

Weixin Robot Advanced <= 6.0.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00408EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/13 12:0 a.m.11 views

MagicForm <= 0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.9AI score0.00406EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/01/02 10:15 p.m.17 views

Sql injection

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

6.5CVSS8.9AI score0.00907EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2022/12/12 6:15 p.m.22 views

CVE-2022-3925

The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users...

7.2CVSS0.00964EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/12/06 12:0 a.m.23 views

WP Smart Import < 1.0.3 - Reflected Cross-Ste Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.9AI score0.00406EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/02 12:0 a.m.25 views

Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...

10CVSS2.5AI score0.00748EPSS
Exploits0Affected Software1
Prion
Prion
added 2022/11/28 2:15 p.m.20 views

Sql injection

The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...

6.5CVSS8.9AI score0.03663EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2022/11/28 2:15 p.m.21 views

Sql injection

The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor...

6.5CVSS8.9AI score0.01053EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2022/10/17 12:15 p.m.20 views

Sql injection

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin...

5.8CVSS7AI score0.00921EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/10 12:0 a.m.10 views

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC https://example.com/top-user-rated-listings?listview=2%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...

0.2AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/10/10 12:0 a.m.36 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting PoC Affected parameter: acts.tdatts.imagesize...

6.1CVSS6.1AI score0.00551EPSS
Exploits2
OSV
OSV
added 2022/08/15 11:20 a.m.4 views

CVE-2022-2116

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.0051EPSS
Exploits2References1
NVD
NVD
added 2022/08/08 2:15 p.m.23 views

CVE-2022-2386

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.0051EPSS
Exploits2References1
OSV
OSV
added 2022/08/01 1:15 p.m.4 views

CVE-2022-1950

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS5.8AI score0.04278EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2022/07/18 12:0 a.m.25 views

Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.5AI score0.0051EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.22 views

CDI < 5.1.9 - Reflected Cross-Site-Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS0.2AI score0.01297EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2022/05/30 8:35 a.m.19 views

CVE-2022-1527 WP 2FA < 2.2.1 - Reflected Cross-Site Scripting

The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00815EPSS
Exploits2References1
Rows per page
Query Builder