Lucene search
+L

6 matches found

nvd
nvd
added 2026/06/27 6:16 a.m.11 views

CVE-2026-9677

The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

4.8CVSS0.00142EPSS
Exploits0References1
cve
cve
added 2026/06/27 6:0 a.m.29 views

CVE-2026-9677

CVE-2026-9677 affects the Shariff for WordPress plugin up to version 1.0.11. The vulnerability arises from not sanitizing or escaping the shariff_infourl setting before it is output in the frontend HTML via the generateshariff() function, enabling Stored Cross-Site Scripting by high-privilege use...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4334

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.6AI score0.00222EPSS
Exploits0References1
patchstack
patchstack
added 2024/06/19 12:0 a.m.12 views

WordPress Shariff Plugin <= 4.6.13 is vulnerable to Local File Inclusion

Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in 4.6.14 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4098 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID b8cd85e9b3c3 Credits haidv35 Required privilege Unauthenticated...

9.8CVSS6.8AI score0.0101EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2024/06/14 12:0 a.m.14 views

WordPress Shariff Plugin <= 4.6.13 is vulnerable to Cross Site Scripting (XSS)

Software Shariff Type Plugin Vulnerable versions = 4.6.13 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2695 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 196361c9209d Credits Ngô Thiên An ancorn Required...

6.4CVSS5.8AI score0.00308EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2014/12/05 12:0 a.m.7 views

WordPress Shariff Plugin <= 1.0.7 - Stored Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2.1AI score
Exploits0References1Affected Software1
Rows per page
Query Builder