CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2023/05/30 12:0 a.m.•4 views

PT-2023-15018 · WordPress · Osm Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: OSM WordPress plugin versions through 6.01 Description: The issue concerns the OSM WordPress plugin, where it fails to validate and escape certain shortcode attributes. This could allow users with a role as low as contributor to perform a...

5.4CVSS8.3AI score0.00444EPSS

OSV•added 2023/05/15 1:15 p.m.•3 views

CVE-2023-0490

The fx TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.7AI score0.00462EPSS

Exploits1References1

Prion•added 2023/05/15 1:15 p.m.•17 views

Cross site scripting

4.9CVSS5.4AI score0.00462EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2023/05/10 12:0 a.m.•31 views

Google Analytics by Monster Insights < 8.14.1- Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.0037EPSS

Exploits0Affected Software1

CVE-2023-0768

The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

8.8CVSS7.4AI score

Exploits0References1

5.4CVSS6.7AI score0.00444EPSS

CVE-2023-0542

The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

Exploits1References1

5.4CVSS6.7AI score0.00444EPSS

CVE-2023-0268

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

OSV•added 2023/05/08 2:15 p.m.•3 views

CVE-2023-0537

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS6.7AI score0.00503EPSS

5.4CVSS6.7AI score0.00444EPSS

CVE-2023-0536

The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Vulnrichment•added 2023/05/08 1:58 p.m.•11 views

CVE-2023-0267

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

5.4CVSS6.7AI score

Exploits0References1

CVE-2023-0268 Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS

5.3AI score0.00444EPSS

Positive Technologies•added 2023/05/08 12:0 a.m.•3 views

PT-2023-16342 · WordPress · Wp-D3

Name of the Vulnerable Software and Affected Versions: Wp-D3 WordPress plugin versions prior to 2.4.2 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the lack of validation and escaping of some shortcode attributes...

5.4CVSS5.9AI score0.00444EPSS

Exploits2References3

Positive Technologies•added 2023/05/08 12:0 a.m.•4 views

PT-2023-16125 · WordPress · The Ultimate Carousel For Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: The Ultimate Carousel For WPBakery Page Builder WordPress plugin versions through 2.6 Description: The issue concerns the failure to validate and escape certain shortcode attributes, which could allow users with the contributor role and above...

5.4CVSS8.4AI score0.00444EPSS

Positive Technologies•added 2023/05/08 12:0 a.m.•10 views

PT-2023-16126 · WordPress · Mega Addons For Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: Mega Addons For WPBakery Page Builder WordPress plugin versions prior to 4.3.0 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...

5.4CVSS8.4AI score0.00444EPSS

Positive Technologies•added 2023/05/08 12:0 a.m.•5 views

PT-2023-16343 · WordPress · Product Slider For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Product Slider For WooCommerce Lite WordPress plugin versions 1.1.7 and earlier Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page/post where...

5.4CVSS8.3AI score0.00503EPSS

Exploits2References5

Positive Technologies•added 2023/05/08 12:0 a.m.•3 views

PT-2023-16332 · WordPress · The Post Shortcode

Name of the Vulnerable Software and Affected Versions: The Post Shortcode WordPress plugin versions 2.0.9 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...

5.4CVSS8.3AI score0.00448EPSS