CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2022-4751 Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode

The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

CVE-2022-4675 Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode

The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

CVE-2022-4789 WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode

The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

CVE-2022-4576 Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2022-4576

The CVE-2022-4576 affects the WordPress plugin Easy Bootstrap Shortcode (

CVE-2022-4576 Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS

The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2022-4673 Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode

The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVE-2022-4629 Product Slider for WooCommerce < 2.6.4 - Contributor+ Stored XSS in Shortcode

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

CVE-2022-4672 WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode

The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

CVE-2022-4672 WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode

The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...

CVE-2022-4760 OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode

The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...

CVE-2022-4832 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

CVE-2022-4832 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode

The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...

PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wcps id='" onmouseover="alert/XSS/"'...

Zoho Forms < 3.0.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, put the following in ...

PT-2023-15389 · WordPress · Print-O-Matic

Name of the Vulnerable Software and Affected Versions: Print-O-Matic WordPress plugin versions prior to 2.1.8 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. This...

WordPress plugin Youtube shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin The Easy Bootstrap Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...