CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2023/01/16 12:0 a.m.•5 views

WordPress plugin Insert Pages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00534EPSS

CNNVD•added 2023/01/16 12:0 a.m.•2 views

WordPress plugin ConvertKit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00534EPSS

Positive Technologies•added 2023/01/16 12:0 a.m.•3 views

PT-2023-14590 · WordPress · Convertkit

Name of the Vulnerable Software and Affected Versions: ConvertKit WordPress plugin versions prior to 2.0.5 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. This ...

5.4CVSS6.2AI score0.00534EPSS

Exploits2References6

CNNVD•added 2023/01/16 12:0 a.m.•4 views

WordPress plugin Social Sharing 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.4AI score0.00471EPSS

WPVulnDB•added 2023/01/12 12:0 a.m.•22 views

jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC tminus t='2100-01-01' width='"...

5.4CVSS2.8AI score0.00562EPSS

WPVulnDB•added 2023/01/11 12:0 a.m.•14 views

Gallery Factory Lite <= 2.0.0 - Contributor+ Stored XSS

5.4CVSS2.5AI score0.00695EPSS

WPVulnDB•added 2023/01/11 12:0 a.m.•25 views

ResponsiveVoice Text To Speech < 1.7.7 - Contributor+ Stored XSS

5.4CVSS2.3AI score0.00623EPSS

WPVulnDB•added 2023/01/11 12:0 a.m.•32 views

Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

5.4CVSS2.6AI score0.00649EPSS

WPVulnDB•added 2023/01/10 12:0 a.m.•22 views

Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

5.4CVSS2.5AI score0.00685EPSS

WPVulnDB•added 2023/01/10 12:0 a.m.•20 views

Easy Testimonials < 3.9.3 - Contributor+ Stored XSS

5.4CVSS2.8AI score0.00649EPSS

OSV•added 2023/01/09 11:15 p.m.•2 views

CVE-2022-4497

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.8AI score0.00534EPSS

OSV•added 2023/01/09 11:15 p.m.•2 views

CVE-2022-4479

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00575EPSS

OSV•added 2023/01/09 11:15 p.m.•1 views

CVE-2022-4491

The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...

5.4CVSS5.8AI score0.00471EPSS

OSV•added 2023/01/09 11:15 p.m.•1 views

CVE-2022-4468

The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00534EPSS

Positive Technologies•added 2023/01/09 12:0 a.m.•2 views

PT-2023-14554 · WordPress · Table Of Contents Plus

Name of the Vulnerable Software and Affected Versions: Table of Contents Plus WordPress plugin versions prior to 2212 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could lead to Stored Cross-Site Scripting attacks. Users with a role as lo...

5.4CVSS5.3AI score0.00575EPSS

Exploits2References4

CNNVD•added 2023/01/09 12:0 a.m.•3 views

WordPress Plugin Jetpack CRM 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4CVSS5.5AI score0.00534EPSS

Exploits2References3

CNNVD•added 2023/01/09 12:0 a.m.•3 views

WordPress Plugin Table of Contents Plus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.00575EPSS