Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•15 views

UniConsent Cookie Consent CMP for GDPR / CCPA < 1.4.4 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•19 views

Blocks <= 1.6.42 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00336EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•16 views

Social Metrics <= 2.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•12 views

Popup contact form <= 7.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00336EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•10 views

Click To Tweet <= 2.0.14 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•17 views

Order Delivery Date for WP e-Commerce <= 1.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•16 views

Insert Estimated Reading Time <= 1.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•10 views

WWM Social Share On Image Hover <= 2.2 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00336EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•17 views

Anchor Episodes Index (Spotify for Podcasters) < 2.1.8 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.5CVSS5.6AI score0.00328EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•19 views

Rescue Shortcodes <= 2.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•15 views

Regpack <= 0.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.0031EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•14 views

WP Adminify < 3.1.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00336EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•16 views

FooGallery < 2.3.2 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00351EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•18 views

Dreamfox Media Payment gateway per Product for Woocommerce < 3.2.8 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00351EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•23 views

Popup contact form <= 7.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00336EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•17 views

Images Slideshow by 2J <= 1.3.54 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.5AI score0.00328EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•8 views

Attorney <= 3 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00324EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•12 views

Notice Bar < 3.1.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00303EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•14 views

Locations <= 4.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0033EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•15 views

Cooked <= 1.7.13 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00328EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•12 views

Most Popular Posts Widget < 0.9 - Admin+ SQL injection

Description The plugin does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue...

9.8CVSS7.4AI score0.00558EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•12 views

The Awesome Feed – Custom Feed <= 2.2.5 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.00328EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•15 views

Back To The Top Button <= 2.1.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.9AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•32 views

wordpress publish post email notification < 1.0.2.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.0031EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
•added 2023/10/02 12:0 a.m.•11 views

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0
WPVulnDB
WPVulnDB
•added 2023/10/01 12:0 a.m.•13 views

Blog Filter <= 1.4 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not adequately sanitize and escape the 'vivafbcomment' shortcode. This lack of proper input sanitization and output escaping allows authenticated users with contributor-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute...

6.4CVSS6.4AI score0.00359EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/10/01 12:0 a.m.•15 views

OpenHook < 4.3.1 - Subscriber+ Remote Code Execution

Description The plugin does not prevent low-privileged users like subscribers from using its 'php' shortcode feature, leading to potential Remote Code Execution...

9.9CVSS6.9AI score0.01429EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•9 views

Goods Catalog <= 2.4.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•14 views

WooCommerce PensoPay < 6.3.2 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00324EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•22 views

WP-dTree <= 4.4.5 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•17 views

Smarty for WordPress <= 3.1.35 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00358EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•21 views

authLdap <= 2.5.9 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•13 views

Stock Quotes List <= 2.9.11 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS5.7AI score0.0031EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•15 views

WP Bannerize Pro <= 1.6.9 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•13 views

HollerBox < 2.3.3 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•11 views

Photo Gallery Slideshow & Masonry Tiled Gallery < 1.0.14 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00309EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/29 12:0 a.m.•17 views

User Feedback < 1.0.8 - Unauthenticated Stored XSS

Description The plugin does not validate and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...

7.1CVSS5.8AI score0.00483EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•11 views

Font Awesome More Icons <= 3.5 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize and escape the 'icon' shortcode, leading to a potential Stored Cross-Site Scripting vulnerability. As a result, users with contributor-level permissions and above can inject arbitrary web scripts into pages...

6.4CVSS5.7AI score0.00362EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•17 views

Welcart e-Commerce < 2.8.22 - Editor+ Arbitrary File Upload

Description The plugin does not prevent users with editor or higher privileges from uploading an arbitrary file to an unauthorized directory...

7.2CVSS6.6AI score0.00949EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•28 views

Essential Blocks < 4.2.1 - Unauthenticated Object Injection

Description The plugin doesn't prevent unauthenticated attackers from deserializing user input, which could allow them to run code on the server if they have a POP chain allowing them to do so...

9.8CVSS7.3AI score0.0134EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•17 views

Font Awesome Integration <= 5.0 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not sufficiently sanitize and escape user-supplied attributes in the 'fawesome' shortcode, which can lead to the injection of arbitrary web scripts on pages accessed by users...

6.4CVSS6.7AI score0.00359EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•13 views

Welcart e-Commerce < 2.8.22 - Multiple XSS

Description The plugin does not sanitize and escape a parameter before outputting it back in multiple pages, leading to a Reflected Cross-Site Scripting which could be used against other users...

6.1CVSS5.8AI score0.00621EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•18 views

TM WooCommerce Compare & Wishlist <= 1.1.7 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not sufficiently sanitize and escape user-supplied attributes in the 'tmwoowishlisttable' shortcode. This leads to a Stored Cross-Site Scripting vulnerability, enabling authenticated users with contributor-level or higher permissions to inject arbitrary web scripts...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•15 views

Welcart e-Commerce < 2.8.22 - Editor+ SQL Injection

Description The plugin does not properly sanitize and escape a parameter before using it in an SQL statement, leading to an SQL injection exploitable by users with a role as low as an editor...

8.8CVSS7.3AI score0.00909EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•20 views

Welcart e-Commerce < 2.8.22 - Author+ SQL Injection

Description The plugin does not properly sanitize and escape a parameter before using it in an SQL statement, leading to an SQL injection exploitable by users with a role as low as an author...

4.9CVSS7.3AI score0.00767EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/28 12:0 a.m.•13 views

Welcart e-Commerce < 2.8.22 - Author+ Path Traversal

Description The plugin does not prevent users with author or higher privilege from obtaining partial information of the files on the web server...

4.3CVSS6.3AI score0.00597EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/27 12:0 a.m.•11 views

Social Media & Share Icons < 2.8.4 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/27 12:0 a.m.•11 views

GuruWalk Affiliates <= 1.0.0 - Admin+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
WPVulnDB
WPVulnDB
•added 2023/09/27 12:0 a.m.•22 views

Ultimate Addons for Contact Form 7 < 3.2.1 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.7AI score0.0033EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
•added 2023/09/27 12:0 a.m.•14 views

Sitekit < 1.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5CVSS6.1AI score0.00309EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603