CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2022-4481

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

OSV•added 2023/01/16 4:15 p.m.•1 views

CVE-2022-4464

Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...

5.4CVSS5.8AI score0.00252EPSS

5.4CVSS5.8AI score0.00252EPSS

CVE-2022-4483

The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2022-4460

The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used...

CVE-2022-4465

The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00198EPSS

CVE-2022-4482

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be...

CVE-2022-4484

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2023/01/16 4:15 p.m.•1 views

CVE-2022-4453

The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like...

CVE-2022-4476

The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...

OSV•added 2023/01/16 4:15 p.m.•1 views

CVE-2022-4480

The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.4CVSS5.8AI score0.00252EPSS

CVE-2022-4486

The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

CVE-2022-4449

The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-4431

The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

Prion•added 2023/01/16 4:15 p.m.•16 views

Exploits0References2

Cross site scripting

4.9CVSS5.3AI score0.00363EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/16 4:15 p.m.•16 views

Cross site scripting

4.9CVSS5.3AI score0.00198EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/16 4:15 p.m.•12 views

Cross site scripting

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

4.9CVSS5.3AI score0.00198EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2023/01/16 3:38 p.m.•4 views

CVE-2022-4451 Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5AI score0.00261EPSS

Cvelist•added 2023/01/16 3:38 p.m.•15 views

CVE-2022-4476 Download Manager < 3.2.62 - Contributor+ Stored XSS

5.6AI score0.00363EPSS

Vulnrichment•added 2023/01/16 3:37 p.m.•8 views

CVE-2022-4481 Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

5.4AI score0.00296EPSS