Lucene search
+L

16 matches found

Cvelist
Cvelist
added 2025/06/26 2:6 a.m.9 views

CVE-2025-5564 GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

The GC Social Wall plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gcsocialwall' shortcode in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.9 views

CVE-2022-1683

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user and not just Author+ like the original advisory mention due to the fact that they ca...

8.8CVSS7.4AI score0.0151EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/12/05 9:23 a.m.6 views

CVE-2024-10056 Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.9AI score0.00318EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/27 6:41 a.m.18 views

CVE-2024-10895 Counter Up – Animated Number Counter & Milestone Showcase <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00232EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/19 12:45 p.m.19 views

CVE-2024-11224 Parallax Image <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via position Parameter

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

6.4CVSS0.0036EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/07 8:37 a.m.21 views

CVE-2024-6849 Preloader Plus – WordPress Loading Screen Plugin <= 2.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS5.8AI score0.00286EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/27 6:48 a.m.15 views

CVE-2024-7304 Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00363EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/16 10:59 a.m.15 views

CVE-2024-7136 JetSearch <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov...

6.4CVSS5.8AI score0.00293EPSS
Exploits0References2
CVE
CVE
added 2024/07/18 8:33 a.m.39 views

CVE-2024-5554

CVE-2024-5554 affects the WordPress plugin Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows). The vulnerability is a Stored Cross-Site Scripting via the onclick_event parameter in all versions up to and including 5.6.11, caused by insufficient...

6.4CVSS6.1AI score0.00337EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/10 2:2 a.m.5 views

CVE-2024-5792 Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection

The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belongto’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

8.8CVSS7.3AI score0.00454EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/03 7:32 a.m.33 views

CVE-2024-6340 Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00357EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/02 5:32 a.m.47 views

CVE-2024-1427 The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user...

6.4CVSS0.00341EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/22 7:37 a.m.16 views

CVE-2024-3666 Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.8AI score0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/16 11:5 a.m.16 views

CVE-2024-4400 Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.26.4 - Authenticated (Contributer+) Stored Cross-Site Scripting

The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/11 4:30 a.m.32 views

CVE-2024-4630 Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS6.3AI score0.00446EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2019/05/08 12:0 a.m.15 views

Custom Field Suite <= 2.5.14 - Authenticated Cross-Site Scripting (XSS)

The Custom Field Suite WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

3.5CVSS1.7AI score0.00946EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder