Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.20 views

Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting

Description The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS8.6AI score0.00426EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/24 12:0 a.m.20 views

WordPress Automatic Plugin < 3.93.0 Cross-Site Request Forgery

Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...

7.6CVSS6.7AI score0.00232EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...

4.3CVSS4.4AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Popup Anything < 2.8.1 - Missing Authorization

Description The Popup Anything – Popup for opt-ins and Lead Generation Conversions plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the popupaocrenderpopuppreview function in all versions up to, and including, 2.8.0. This makes it possible for...

5.3CVSS5.1AI score0.0042EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Attesa Extra < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Attesa Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.20 views

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

Description The Canva – Design beautiful blog graphics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.4AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.20 views

ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'

Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/18 12:0 a.m.20 views

Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Email Enumeration

Description The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspollcreateauthor function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to...

5.3CVSS6.5AI score0.00584EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.20 views

Wallet System for WooCommerce < 2.5.10 - Cross-Site Request Forgery

Description The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform a...

5.4CVSS6.5AI score0.00209EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.20 views

Aspose.Words Exporter <= 6.3.1 - Missing Authorization

Description The Aspose.Words – Import and Export word documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.1. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00376EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.20 views

Spotlight Social Media Feeds < 1.6.11 - Cross-Site Request Forgery

Description The Spotlight Social Media Feeds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.10. This is due to missing or incorrect nonce validation in the AuthCallbackListener class. This makes it possible for unauthenticated attackers to...

4.3CVSS6.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.20 views

Table & Contact Form 7 Database – Tablesome < 1.0.26 - Cross-Site Request Forgery

Description The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.25. This is due to missing or incorrect nonce validation on the publishtable function. This makes it possible for unauthenticated...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.20 views

BA Book Everything < 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This...

6.4CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.20 views

WPZOOM Social Feed Widget & Block < 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion

Description The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoominstagramcleardata function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.00465EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.20 views

eRoom – Zoom Meetings & Webinar < 1.4.19 - Missing Authorization to Information Exposure

Description The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post...

4.3CVSS6.2AI score0.00534EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.20 views

Email Subscribers & Newsletters < 5.7.14 - Missing Authorization

Description The Email Subscribers & Newsletters plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.7.13. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.8CVSS6.4AI score0.00386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.20 views

AWP Classifieds < 4.3.2 - Missing Authorization

Description The AWP Classifieds plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...

8.8CVSS6.2AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.20 views

WebinarPress < 1.33.10 - Reflected Cross-Site Scripting

Description The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.33.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.3AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.20 views

Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Update

Description The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to update arbitrary WordPress settings...

9.8CVSS6.6AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.20 views

Loan Repayment Calculator and Application Form < 2.9.5 - Cross-Site Request Forgery

Description The Loan Repayment Calculator and Application Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers ...

5.4CVSS6.2AI score0.00197EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.20 views

Profile Builder < 3.11.3 - Restricted Email Bypass

Description The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to restricted email domain bypass in all versions up to, and including, 3.11.2. This makes it possible for unauthenticated attackers to register with email...

5.3CVSS6.6AI score0.00223EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/10 12:0 a.m.20 views

Carousel Slider < 2.2.7 - Editor+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the Slides Per View parameter in all versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.5AI score0.00484EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/09 12:0 a.m.20 views

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files

Description The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated...

7.5CVSS6.7AI score0.00444EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/09 12:0 a.m.20 views

Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce < 2.6.4 - Authenticated (Admin+) PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP...

7.2CVSS7.2AI score0.00973EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/08 12:0 a.m.20 views

Element Pack Elementor Addons < 5.3.3 - Contributor+ Stored XSS via Custom Gallery Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the image URL parameter of the Custom Gallery Widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web...

6.4CVSS5.8AI score0.00344EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/08 12:0 a.m.20 views

Photo Gallery by 10Web < 1.8.22 - Admin+ Stored XSS via SVG

Description The plugin is vulnerable to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute...

5.5CVSS5.8AI score0.00436EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/06 12:0 a.m.20 views

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message

Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output...

6.4CVSS5.9AI score0.00352EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/06 12:0 a.m.20 views

ShortPixel Adaptive Images < 3.8.3 - Missing Authorization in activate_ai_handler and deactivate_ai_handler

Description The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activateaihandler and deactivateaihandler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated...

5.3CVSS6.6AI score0.00388EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/05 12:0 a.m.20 views

Relevanssi – A Better Search < 4.22.2 - Missing Authorization to Unauthenticated Count Option Update

Description The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execu...

8.2CVSS7AI score0.0081EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/05 12:0 a.m.20 views

Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.7AI score0.00536EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/05 12:0 a.m.20 views

Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy

Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.8AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/05 12:0 a.m.20 views

Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...

5.1AI score0.0048EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.20 views

Wholesale For WooCommerce < 2.3.1 - Unauthenticated Information Exposure

Description The woocommerce-wholesale-pricing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

5.3CVSS6.7AI score0.00446EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.20 views

Nelio Content < 3.2.1 - Authenticated (Contributor+) Server-Side Request Forgery

Description The Nelio Content – Best Editorial Calendar & Social Media Scheduling plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make web...

4.9CVSS6.7AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.20 views

WP Advanced Search <= 1.1.6 - Admin+ SQL Injection

Description The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. PoC 1. Log in as an administrator 2. Visit...

7.6AI score0.00422EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.20 views

Falang multilanguage < 1.3.48 - Authenticated (Administrator+) SQL Injection

Description The Falang multilanguage plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.47 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

7.6CVSS7.3AI score0.00574EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/04 12:0 a.m.20 views

Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization

Description The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.15.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfor...

8.8CVSS6.5AI score0.00361EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

Simple Revisions Delete < 1.5.4 - Cross-Site Request Forgery

Description The Simple Revisions Delete plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.3. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forg...

8.8CVSS6.5AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.9AI score0.00449EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

WP Hotel Booking < 2.0.9.3 - Missing Authorization

Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.0.9.2. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.8CVSS7AI score0.00519EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

Import WP < 2.13.1 - Admin+ Server-side Request Forgery

Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. PoC 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce...

6.8AI score0.00568EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

SellKit < 1.8.3 - Authenticated (Subscriber+) Arbitrary File Download

Description The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.8.1. This is due to insufficient file validation in the handlefiledownload function. This mak...

6.5CVSS6.6AI score0.00623EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

collectchat < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The collectchat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

Better Elementor Addons < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Portfolio Gallery – Image Gallery Plugin < 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

WCFM – Frontend Manager for WooCommerce < 6.7.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Description The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.7.8 due to insufficient input sanitization and output escaping...

5.9CVSS5.9AI score0.00353EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address

Description The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for...

4.3CVSS6.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Post Grid, Slider & Carousel Ultimate < 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Frontend Dashboard < 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Frontend Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.9AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Grid Shortcodes < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000