CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2023/01/16 4:15 p.m.•2 views

CVE-2022-4449

The Page scroll to id WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2023/01/16 4:15 p.m.•2 views

CVE-2022-4431

The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.4CVSS5.8AI score

Exploits0References2

Prion•added 2023/01/16 4:15 p.m.•16 views

Cross site scripting

The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like...

4.9CVSS5.3AI score0.00363EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/16 4:15 p.m.•16 views

Cross site scripting

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be...

4.9CVSS5.3AI score0.00198EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/16 4:15 p.m.•12 views

Cross site scripting

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

4.9CVSS5.3AI score0.00198EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2023/01/16 3:38 p.m.•4 views

CVE-2022-4451 Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5AI score0.00261EPSS

Cvelist•added 2023/01/16 3:38 p.m.•15 views

CVE-2022-4476 Download Manager < 3.2.62 - Contributor+ Stored XSS

The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...

5.6AI score0.00363EPSS

Vulnrichment•added 2023/01/16 3:37 p.m.•8 views

CVE-2022-4481 Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4AI score0.00296EPSS

Positive Technologies•added 2023/01/16 12:0 a.m.•2 views

PT-2023-14553 · WordPress · Font Awesome Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Font Awesome WordPress plugin versions prior to 4.3.2 Description: The issue concerns the Font Awesome WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them. This could allow users...

5.4CVSS5.9AI score0.00198EPSS

Exploits2References5

CNNVD•added 2023/01/16 12:0 a.m.•3 views

WordPress plugin Smash Balloon Social Post Feed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00198EPSS

Exploits1References2

5.4CVSS4.9AI score0.00252EPSS

WordPress plugin Click to Chat 跨站脚本漏洞

5.4CVSS5.4AI score0.00285EPSS

WordPress plugin Page scroll to id 跨站脚本漏洞

5.4CVSS5.4AI score0.00261EPSS

WordPress plugin Social Sharing 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS4.9AI score0.00198EPSS

WordPress plugin Greenshift 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

Exploits1References2

5.4CVSS5.4AI score0.00363EPSS

WordPress plugin Simple Membership 跨站脚本漏洞

Positive Technologies•added 2023/01/16 12:0 a.m.•3 views

PT-2023-14515 · Codelights · Sidebar Widgets

Name of the Vulnerable Software and Affected Versions: The Sidebar Widgets by CodeLights WordPress plugin versions 1.4 and earlier Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege use...

5.4CVSS6.2AI score0.00261EPSS

Exploits2References5

CNNVD•added 2023/01/16 12:0 a.m.•3 views

WordPress plugin Insert Pages 跨站脚本漏洞

5.4CVSS5.4AI score0.00252EPSS

CNNVD•added 2023/01/16 12:0 a.m.•1 views

WordPress plugin ConvertKit 跨站脚本漏洞

5.4CVSS5.4AI score0.00252EPSS