1399 matches found

OSV
added 2023/01/23 3:15 p.m. · 2 views

CVE-2022-4485

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2023/01/23 3:15 p.m. · 1 view

CVE-2022-4467

The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

Prion
added 2023/01/23 3:15 p.m. · 16 views

Cross site scripting

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

4.9 CVSS · 5.3 AI score · 0.00198 EPSS
Exploits 2 · References 1 · Affected Software 1

Prion
added 2023/01/23 3:15 p.m. · 17 views

Cross site scripting

The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

4.9 CVSS · 5.3 AI score · 0.00252 EPSS
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2023/01/23 2:32 p.m. · 9 views

CVE-2022-4775 GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.5 AI score · 0.00181 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:32 p.m. · 6 views

CVE-2022-4718 Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode

The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5 AI score · 0.00198 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 5 views

CVE-2022-4753 Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode

The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

5.5 AI score · 0.00261 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 4 views

CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...

6.1 AI score · 0.00181 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 3 views

CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1 AI score · 0.00198 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/01/23 2:31 p.m. · 7 views

CVE-2022-4672 WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode

The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

6.1 AI score · 0.00252 EPSS
Exploits 2 · References 1

Positive Technologies
added 2023/01/23 12:0 a.m. · 2 views

PT-2023-14548 · WordPress · Collapse-O-Matic

Name of the Vulnerable Software and Affected Versions: Collapse-O-Matic WordPress plugin versions prior to 1.8.3 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in the page. This could allow users with a...

5.4 CVSS · 5.3 AI score · 0.00252 EPSS
Exploits 2 · References 5

Positive Technologies
added 2023/01/23 12:0 a.m. · 4 views

PT-2023-14663 · WordPress · Compact Wp Audio Player

Name of the Vulnerable Software and Affected Versions: Compact WP Audio Player WordPress plugin versions prior to 1.9.8 Description: The issue concerns the Compact WP Audio Player WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them. Th...

5.4 CVSS · 5.3 AI score · 0.00198 EPSS
Exploits 2 · References 4

WPVulnDB
added 2023/01/23 12:0 a.m. · 13 views

Oi Yandex.Maps <= 3.2.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5 CVSS · 5.1 AI score · 0.00181 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2023/01/23 12:0 a.m. · 2 views

PT-2023-15196 · WordPress · Structured Content

Name of the Vulnerable Software and Affected Versions: Structured Content WordPress plugin versions prior to 1.5.1 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins...

5.4 CVSS · 5.3 AI score · 0.00285 EPSS
Exploits 2 · References 4

Positive Technologies
added 2023/01/23 12:0 a.m. · 3 views

PT-2023-14528 · WordPress · Search & Filter

Name of the Vulnerable Software and Affected Versions: Search & Filter WordPress plugin versions prior to 1.2.16 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin, du...

5.4 CVSS · 5.2 AI score · 0.00181 EPSS
Exploits 2 · References 3

Positive Technologies
added 2023/01/23 12:0 a.m. · 2 views

PT-2023-14989 · WordPress · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy Appointments WordPress plugin versions prior to 3.11.2 Description: The issue concerns a lack of validation and escaping of some shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site...

5.4 CVSS · 6.3 AI score · 0.00198 EPSS
Exploits 2 · References 4

Positive Technologies
added 2023/01/23 12:0 a.m. · 3 views

PT-2023-15222 · WordPress · Landing Page Builder

Name of the Vulnerable Software and Affected Versions: Landing Page Builder WordPress plugin versions prior to 1.4.9.9 Description: The issue arises from the plugin not validating and escaping some of its shortcode attributes before outputting them back in the page. This could allow users with a...

5.4 CVSS · 5.3 AI score · 0.00198 EPSS
Exploits 2 · References 5

Positive Technologies
added 2023/01/23 12:0 a.m. · 2 views

PT-2023-15423 · WordPress · Oneclick Chat To Order

Name of the Vulnerable Software and Affected Versions: OneClick Chat to Order WordPress plugin versions prior to 1.0.4.2 Description: The issue arises from the plugin not validating and escaping some of its shortcode attributes before outputting them back in the page. This could allow users with ...

5.4 CVSS · 5.3 AI score · 0.00198 EPSS
Exploits 2 · References 5

Positive Technologies
added 2023/01/23 12:0 a.m. · 9 views

PT-2023-15203 · WordPress · Wp Popups

Name of the Vulnerable Software and Affected Versions: WP Popups WordPress plugin versions prior to 2.1.4.8 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. This i...

5.4 CVSS · 5.3 AI score · 0.00198 EPSS
Exploits 2 · References 5

Positive Technologies
added 2023/01/23 12:0 a.m. · 3 views

PT-2023-15389 · WordPress · Print-O-Matic

Name of the Vulnerable Software and Affected Versions: Print-O-Matic WordPress plugin versions prior to 2.1.8 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. This...

5.4 CVSS · 5.3 AI score · 0.00261 EPSS
Exploits 2 · References 4