Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2025/06/29 6:7 a.m.14 views

CVE-2025-5194

The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.8CVSS5.6AI score0.00204EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.8 views

CVE-2024-6859

The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:51 a.m.7 views

CVE-2023-0252

The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.0054EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:16 a.m.8 views

CVE-2022-4715

The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.9AI score0.00471EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:16 a.m.7 views

CVE-2022-4507

The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...

5.4CVSS6AI score0.00534EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:14 a.m.6 views

CVE-2022-4479

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.9AI score0.00575EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:27 p.m.6 views

CVE-2022-2325

The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00511EPSS
Exploits2References1
NVD
NVD
added 2025/05/15 8:15 p.m.20 views

CVE-2024-8493

The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.0032EPSS
Exploits1References1
CVE
CVE
added 2025/03/23 6:0 a.m.77 views

CVE-2025-0718

CVE-2025-0718 affects the Nested Pages WordPress plugin up to 3.2.12 (vulnerability would be present before 3.2.13). It permits Stored XSS via unsanitised/unstable configuration settings, potentially abused by high-privilege users (e.g., contributors), even when unfiltered_html is disallowed. Roo...

4.8CVSS5.8AI score0.00247EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/09/09 6:0 a.m.34 views

CVE-2024-5561 Popup Maker < 1.19.1 - Admin+ Stored XSS

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.0044EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/17 5:0 a.m.36 views

CVE-2024-2118 Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...

5.5AI score0.00405EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.19 views

Gutenverse < 1.9.1 - Contributor+ Stored XSS

Description The plugin does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below cod...

6AI score0.00442EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/11 12:0 a.m.20 views

Spectra < 2.7.10 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.8AI score0.0056EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.28 views

Jetpack < 12.8-a.3 - Contributor+ Stored XSS via block attribute

Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00521EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/08 12:0 a.m.14 views

Medialist < 1.4.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.00395EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/26 12:0 a.m.12 views

PDF Block <= 1.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.004EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/10/02 12:0 a.m.11 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2023/09/27 12:0 a.m.17 views

Slimstat Analytics < 5.0.9 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/09/06 12:0 a.m.17 views

WRC Pricing Tables < 2.3.9 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/14 12:0 a.m.17 views

a3 Portfolio < 3.1.1 - Author+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...

5.9CVSS4.9AI score0.00366EPSS
Exploits0Affected Software1
Rows per page
Query Builder