CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8959 matches found

Prion•added 2023/01/16 4:15 p.m.•16 views

Cross site scripting

The MashShare WordPress plugin before 3.8.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

4.9CVSS5.3AI score0.00534EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/16 4:15 p.m.•13 views

Cross site scripting

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

4.9CVSS5.3AI score0.00471EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/16 4:15 p.m.•17 views

Cross site scripting

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be...

4.9CVSS5.3AI score0.00471EPSS

Exploits2References1Affected Software1

Prion•added 2023/01/16 4:15 p.m.•17 views

Cross site scripting

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.44 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.3AI score0.00471EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/01/16 3:38 p.m.•15 views

CVE-2022-4484 Super Socializer < 7.13.44 - Contributor+ Stored XSS

5.5AI score0.00471EPSS

Exploits1References1

Vulnrichment•added 2023/01/16 3:38 p.m.•4 views

CVE-2022-4451 Sassy Social Share < 3.3.45 - Contributor+ Stored XSS

The Social Sharing WordPress plugin before 3.3.45 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5AI score0.00471EPSS

Exploits2References1

CVE•added 2023/01/16 3:38 p.m.•65 views

CVE-2022-4460

The CVE-2022-4460 entry concerns the WordPress plugin Sidebar Widgets by CodeLights, affected versions 1.4 and earlier. The vulnerability arises from insufficient validation and escaping of shortcode attributes, enabling Stored XSS by attackers with a contributor role, potentially impacting high-...

5.4CVSS5.4AI score0.00471EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/01/16 3:38 p.m.•22 views

CVE-2022-4476 Download Manager < 3.2.62 - Contributor+ Stored XSS

The Download Manager WordPress plugin before 3.2.62 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...

5.6AI score0.00575EPSS

Exploits2References1

Vulnrichment•added 2023/01/16 3:37 p.m.•9 views

CVE-2022-4481 Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4AI score0.00575EPSS

Exploits2References1

Cvelist•added 2023/01/16 3:37 p.m.•31 views

CVE-2022-4658 RSSImport <= 4.6.1 - Contributor+ Stored XSS via Shortcode

The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00471EPSS

Exploits1References1

Cvelist•added 2023/01/16 3:37 p.m.•21 views

CVE-2022-4653 Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode

The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00393EPSS

Exploits1References1

WPVulnDB•added 2023/01/16 12:0 a.m.•15 views

Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC The exploit requires at least a...

5.4CVSS5AI score0.00667EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/01/16 12:0 a.m.•15 views

Simple Tooltips < 2.1.4 - Contributor+ Stored XSS via Shortcode

5.4CVSS5AI score0.00605EPSS

Exploits2Affected Software1

CNNVD•added 2023/01/16 12:0 a.m.•3 views

WordPress plugin WP Video Lightbox 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00471EPSS

Exploits1References2