1405 matches found

OSV
added 2023/01/23 3:15 p.m. · 2 views

CVE-2022-4624

The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2023/01/23 3:15 p.m. · 2 views

CVE-2022-4629

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

5.4 CVSS · 5.8 AI score · 0.00471 EPSS
Exploits 2 · References 1

OSV
added 2023/01/23 3:15 p.m. · 3 views

CVE-2022-4542

The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.4 CVSS · 5.8 AI score · 0.00471 EPSS
Exploits 2 · References 1

OSV
added 2023/01/23 3:15 p.m. · 2 views

CVE-2022-4545

The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users...

5.4 CVSS · 5.8 AI score · 0.00471 EPSS
Exploits 2 · References 1

OSV
added 2023/01/23 3:15 p.m. · 13 views

CVE-2022-4627

The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...

5.4 CVSS · 5.8 AI score · 0.00471 EPSS
Exploits 2 · References 1

OSV
added 2023/01/23 3:15 p.m. · 2 views

CVE-2022-4625

The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4 CVSS · 5.8 AI score · 0.00534 EPSS
Exploits 2 · References 1

OSV
added 2023/01/23 3:15 p.m. · 2 views

CVE-2022-4485

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2023/01/23 3:15 p.m. · 2 views

CVE-2022-4467

The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

Prion
added 2023/01/23 3:15 p.m. · 18 views

Cross site scripting

The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

4.9 CVSS · 5.3 AI score · 0.00534 EPSS
Exploits 2 · References 1 · Affected Software 1

Prion
added 2023/01/23 3:15 p.m. · 17 views

Cross site scripting

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

4.9 CVSS · 5.3 AI score · 0.00471 EPSS
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2023/01/23 2:32 p.m. · 9 views

CVE-2022-4775 GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.5 AI score · 0.00471 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:32 p.m. · 6 views

CVE-2022-4718 Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode

The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5 AI score · 0.00471 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 5 views

CVE-2022-4753 Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode

The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.5 AI score · 0.00471 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 4 views

CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...

6.1 AI score · 0.00471 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 3 views

CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1 AI score · 0.00471 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 8 views

CVE-2022-4672 WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode

The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

6.1 AI score · 0.00534 EPSS
Exploits 2 · References 1

Positive Technologies
added 2023/01/23 12:0 a.m. · 5 views

PT-2023-15389 · WordPress · Print-O-Matic

Name of the Vulnerable Software and Affected Versions: Print-O-Matic WordPress plugin versions prior to 2.1.8 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. This...

5.4 CVSS · 5.3 AI score · 0.00471 EPSS
Exploits 2 · References 4

Positive Technologies
added 2023/01/23 12:0 a.m. · 2 views

PT-2023-14989 · WordPress · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy Appointments WordPress plugin versions prior to 3.11.2 Description: The issue concerns a lack of validation and escaping of some shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site...

5.4 CVSS · 6.3 AI score · 0.00471 EPSS
Exploits 2 · References 4

WPVulnDB
added 2023/01/23 12:0 a.m. · 13 views

Oi Yandex.Maps <= 3.2.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5 CVSS · 5.1 AI score · 0.00383 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2023/01/23 12:0 a.m. · 3 views

PT-2023-14548 · WordPress · Collapse-O-Matic

Name of the Vulnerable Software and Affected Versions: Collapse-O-Matic WordPress plugin versions prior to 1.8.3 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in the page. This could allow users with a...

5.4 CVSS · 5.3 AI score · 0.00534 EPSS
Exploits 2 · References 5