CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2023/01/09 12:0 a.m.•3 views

PT-2023-14572 · WordPress · Jetpack Crm

Name of the Vulnerable Software and Affected Versions: Jetpack CRM WordPress plugin versions prior to 5.5 Description: The issue concerns the Jetpack CRM WordPress plugin, where it fails to validate and escape certain shortcode attributes before outputting them, potentially leading to Stored...

5.4CVSS5.3AI score0.00252EPSS

Exploits2References4

WPVulnDB•added 2023/01/05 12:0 a.m.•12 views

CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

5.4CVSS1.6AI score0.00296EPSS

WPVulnDB•added 2023/01/05 12:0 a.m.•17 views

Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS

6.4CVSS2.2AI score0.00187EPSS

WPVulnDB•added 2022/12/27 12:0 a.m.•15 views

Page-list < 5.3 - Contributor+ Stored XSS

5.4CVSS1.7AI score0.00181EPSS

WPVulnDB•added 2022/12/22 12:0 a.m.•26 views

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. PoC 1. As an administrator,...

6.1CVSS2AI score0.00363EPSS

WPVulnDB•added 2022/12/22 12:0 a.m.•35 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

5.4CVSS1.8AI score0.00198EPSS

WPVulnDB•added 2022/12/20 12:0 a.m.•18 views

WOOCS < 1.3.9.3 - Contributor+ Stored XSS

5.4CVSS1.7AI score0.00181EPSS

Exploits3Affected Software1

OSV•added 2022/12/19 2:15 p.m.•2 views

CVE-2022-3985

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2022/12/19 2:15 p.m.•3 views

CVE-2022-3983

The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2022/12/19 2:15 p.m.•2 views

CVE-2022-3986

The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

OSV•added 2022/12/19 2:15 p.m.•1 views

CVE-2022-3984

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score

Exploits0References1

OSV•added 2022/12/19 2:15 p.m.•3 views

CVE-2022-3987

The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

Vulnrichment•added 2022/12/19 1:41 p.m.•7 views

CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS

5.4AI score0.00181EPSS

CNNVD•added 2022/12/19 12:0 a.m.•1 views

WordPress plugin Flowplayer Video Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.5AI score0.00181EPSS

Positive Technologies•added 2022/12/19 12:0 a.m.•3 views

PT-2022-25061 · WordPress · Responsive Lightbox2

Name of the Vulnerable Software and Affected Versions: Responsive Lightbox2 WordPress plugin versions prior to 1.0.4 Description: The issue is related to the lack of validation and escaping of some shortcode attributes, which could allow users with a role as low as contributor to perform Stored...

5.4CVSS5.2AI score0.00181EPSS

Exploits2References5

Positive Technologies•added 2022/12/19 12:0 a.m.•2 views

PT-2022-25050 · WordPress · Wp Stripe Checkout

Name of the Vulnerable Software and Affected Versions: WP Stripe Checkout WordPress plugin version 1.2.2.21 and earlier Description: The issue is related to the WP Stripe Checkout WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in...

5.4CVSS5.2AI score0.00181EPSS

Exploits2References5

CNNVD•added 2022/12/19 12:0 a.m.•2 views

WordPress plugin WP Stripe Checkout 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.6AI score0.00181EPSS

CNNVD•added 2022/12/19 12:0 a.m.•1 views

WordPress plugin Responsive Lightbox2 跨站脚本漏洞

5.4CVSS5.5AI score0.00181EPSS