CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.4CVSS5.8AI score0.00534EPSS

CVE-2022-4625

The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

NVD•added 2023/01/23 3:15 p.m.•27 views

CVE-2022-4576

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

5.4CVSS5.3AI score0.00471EPSS

OSV•added 2023/01/23 3:15 p.m.•3 views

CVE-2022-4475

The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00534EPSS

CVE-2022-4485

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.4CVSS5.8AI score

Exploits0References1

CVE-2022-4467

The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score

Exploits0References1

5.4CVSS5.8AI score0.00393EPSS

CVE-2021-24837

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

Exploits1References1

Prion•added 2023/01/23 3:15 p.m.•16 views

Cross site scripting

Prion•added 2023/01/23 3:15 p.m.•18 views

Cross site scripting

The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

4.9CVSS5.3AI score0.00534EPSS

Prion•added 2023/01/23 3:15 p.m.•30 views

Cross site scripting

The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

Prion•added 2023/01/23 3:15 p.m.•17 views

Cross site scripting

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

Prion•added 2023/01/23 3:15 p.m.•18 views

Cross site scripting

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

Exploits1References1Affected Software1

Vulnrichment•added 2023/01/23 2:32 p.m.•9 views

CVE-2022-4775 GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode

The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

Vulnrichment•added 2023/01/23 2:32 p.m.•6 views

CVE-2022-4718 Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode

The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

Cvelist•added 2023/01/23 2:31 p.m.•19 views

CVE-2022-4715 Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode

The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

Cvelist•added 2023/01/23 2:31 p.m.•33 views

CVE-2022-4758 10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode

Cvelist•added 2023/01/23 2:31 p.m.•37 views

CVE-2022-4627 ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode

Vulnrichment•added 2023/01/23 2:31 p.m.•5 views

CVE-2022-4753 Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode

The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

Cvelist•added 2023/01/23 2:31 p.m.•23 views

CVE-2022-4753 Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode

Vulnrichment•added 2023/01/23 2:31 p.m.•4 views

CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...

6.1AI score0.00471EPSS