CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.4CVSS6.7AI score0.00532EPSS

CVE-2023-5740

The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

Exploits0References3

5.4CVSS6.7AI score0.00603EPSS

CVE-2023-5744

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Exploits1References3

OSV•added 2023/10/25 6:17 p.m.•4 views

CVE-2023-5745

The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

5.4CVSS6AI score

OSV•added 2023/10/25 6:17 p.m.•1 views

CVE-2023-5085

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...

5.4CVSS6.7AI score0.00352EPSS

5.4CVSS7AI score0.00445EPSS

CVE-2023-5126

The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugindeleteme' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

4.8CVSS7.3AI score0.00409EPSS

CVE-2023-45644

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...

NVD•added 2023/10/25 6:17 p.m.•17 views

CVE-2023-45644

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...

5.9CVSS5.4AI score0.00409EPSS

CNNVD•added 2023/10/25 12:0 a.m.•1 views

WordPress Plugin CPT Shortcode Generator Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.9CVSS6AI score0.00409EPSS

WPVulnDB•added 2023/10/25 12:0 a.m.•15 views

Delete Me < 3.1 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The plugin does not validate and escape some of its attributes for the plugindeleteme shortcode before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against...

5.4CVSS6AI score0.00445EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/10/25 12:0 a.m.•12 views

BSK PDF Manager < 3.4.2 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its attributes for the bsk-pdfm-category-dropdown shortcode before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used agains...

6.4CVSS6AI score0.00449EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2023/10/25 12:0 a.m.•17 views

WP Font Awesome <= 1.7.9 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admi...

6.4CVSS5.7AI score0.00565EPSS

Vulnrichment•added 2023/10/24 1:52 p.m.•3 views

CVE-2023-5745 Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode

5.5CVSS6.8AI score0.00439EPSS

Vulnrichment•added 2023/10/24 1:52 p.m.•1 views

CVE-2023-5127 WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...

6.4CVSS6.1AI score0.00565EPSS

Exploits0References10

Vulnrichment•added 2023/10/24 11:10 a.m.•13 views

CVE-2023-45644 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...

5.9CVSS5.8AI score0.00409EPSS

CVE•added 2023/10/24 11:10 a.m.•38 views

CVE-2023-45644

CVE-2023-45644: Authenticated (admin+) Stored Cross-Site Scripting in the CPT Shortcode Generator plugin prior to or at version 1.0. Root cause details are not explicitly stated in the provided documents, but the vulnerability is described as a stored XSS affecting admin-level contexts. Public ex...

5.9CVSS5.1AI score0.00409EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/10/24 11:10 a.m.•30 views

CVE-2023-45644 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...

5.9CVSS5.5AI score0.00409EPSS