Lucene search
K

13 matches found

OSV
OSV
added 2024/06/26 6:15 a.m.6 views

CVE-2024-4957

The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.3CVSS5.8AI score0.00329EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/14 6:0 a.m.23 views

CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS

The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00342EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/05/22 12:0 a.m.18 views

Sassy social share < 3.3.63 Admin+ Stored Cross-Site scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to the plugin's settings. 2...

5.4AI score0.00456EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.18 views

Schema & Structured Data for WP & AMP < 1.24 - Contributor+ Stored XSS

Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

6.5CVSS6.3AI score0.00328EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/14 7:10 p.m.12 views

CVE-2023-3328 Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS

The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

5.6AI score0.00382EPSS
Exploits2References1
OSV
OSV
added 2023/06/27 2:15 p.m.5 views

CVE-2023-2592

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.3AI score0.0085EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/02/02 12:0 a.m.15 views

Marketing Performance <= 2.0.0 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00408EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/09 12:0 a.m.18 views

Woocommerce Vietnam Checkout < 2.0.5 - Reflected XSS

The plugin does not sanitise and escape the from and to parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.9AI score0.00406EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/29 12:0 a.m.13 views

Simple:Press < 6.8.1 - Unauthenticated Stored XSS via Forum Replies

The plugin does not sanitise and escape the postitem parameter when posting a forum reply, which could allow unauthenticated users to perform Stored XSS attacks...

7.2CVSS4.1AI score0.00571EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/05/30 9:15 a.m.3 views

CVE-2022-1527

The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00815EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/25 4:16 p.m.8 views

CVE-2021-46781

The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00773EPSS
Exploits1References2
OSV
OSV
added 2021/10/18 2:15 p.m.3 views

CVE-2021-24760

The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00629EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/08/16 10:48 a.m.27 views

CVE-2021-24410 Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS

The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses...

6.2AI score0.00412EPSS
Exploits2References1
Rows per page
Query Builder