Cross site scripting

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2022-4653 Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

Font Awesome < 4.3.2 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. PoC Exploit shortcode: icon...

Yada Wiki < 3.4.1 - Contributor+ Stored XSS

The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue PoC - Create a wiki page. If there is already a page, you can skip. The page can be a draft. - Add this shortcode to a post/page, view it and move the mouse over...