Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

VS Contact Form < 14.8 - CAPTCHA Bypass

Description The VS Contact Form plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 14.7. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...

5.3CVSS7.1AI score0.00485EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

Simple Revisions Delete < 1.5.4 - Cross-Site Request Forgery

Description The Simple Revisions Delete plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.3. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forg...

8.8CVSS6.5AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The OpenStreetMap for Gutenberg and WPBakery Page Builder formerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.9AI score0.00449EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting

Description The SEO Title Tag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The AI Twitter Feeds Twitter widget & shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

IP Blocker Lite <= 11.1.1 - IP Spoofing

Description The LionScripts: IP Blocker Lite plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 11.1.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP Address and bypass blocklisting...

5.3CVSS6.7AI score0.00536EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

WC Marketplace < 4.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WC Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

WP Hotel Booking < 2.0.9.3 - Missing Authorization

Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.0.9.2. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.8CVSS7AI score0.00519EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.21 views

Hash Elements < 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

RT Easy Builder – Advanced addons for Elementor < 2.1 - Missing Authorization

Description The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the ajaxactivateplugins function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, wit...

8.8CVSS6.7AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.18 views

Carousel Anything For WPBakery Page Builder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Carousel Anything For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Platinum SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00339EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

Modal Popup Box – Popup Builder, Show Offers And News in Popup < 1.5.3 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode

Description The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awlmodalpopupboxshortcode function. This makes it possible for...

8.8CVSS7.4AI score0.00893EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Calendarista Basic Edition < 3.0.6 - Missing Authorization

Description The Calendarista Basic Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.8CVSS6.6AI score0.00409EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.18 views

Comic Easel <= 1.15 - Reflected Cross-Site Scripting

Description The Comic Easel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure

Description The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...

5.3CVSS7AI score0.00425EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...

6.5CVSS5.8AI score0.00337EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS6.9AI score0.00382EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

weForms < 1.6.21 - Missing Authorization

Description The weForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handlefrontendsubmission function in versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to submit forms that are not open...

9.1CVSS6.6AI score0.0035EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.21 views

Better Comments < 1.5.6 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. From the WordPress menu on the...

5.5AI score0.00403EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

Jobeleon Theme < 1.9.2 - Reflected Cross-Site Scripting

Description The Jobeleon WPJobBoard theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.4AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting

Description The Post-Plugin Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Church Admin < 4.1.8 - Cross-Site Request Forgery

Description The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...

4.3CVSS6.5AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

Strong Testimonials < 3.1.12 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed PoC Setup ...

5.2AI score0.00399EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.24 views

Chauffeur Taxi Booking System for WordPress < 7.3 - Unauthenticated Arbitrary File Upload

Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...

10CVSS10AI score0.00631EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

MP3 Audio Player for Music, Radio & Podcast by Sonaar < 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Better Comments < 1.5.6 - Subscriber+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. PoC 1. From the menu on the left, go into "Users" and edit Subscriber user. 2. Upload a new avatar image and click...

5.4CVSS5.6AI score0.00401EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

WPCS < 1.2.0.2 - Cross-Site Request Forgery

Description The WPCS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0.1. This is due to missing or incorrect nonce validation on the saveetalon function. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

8.8CVSS6.4AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

Slugs Manager < 2.7.0 - Cross-Site Request Forgery

Description The Slugs Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.7. This is due to missing or incorrect nonce validation on the maybeflushrewriterules function. This makes it possible for unauthenticated attackers to flush the...

4.3CVSS6.6AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

LWS Optimize < 2.0 - Cross-Site Request Forgery

Description The LWS Optimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on the several functions. This makes it possible for unauthenticated attackers to perform unauthorized action...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

Limit Attempts by BestWebSoft < 1.3.0 - Reflected Cross-Site Scripting

Description The Limit Attempts by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

7.1CVSS6.3AI score0.00419EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Move Addons for Elementor < 1.3.0 - Missing Authorization

Description The Move Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to perform an unauthorized action...

7.3CVSS6.4AI score0.00284EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Salon booking system < 9.5.1 - Unauthenticated Arbitrary File Upload

Description The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveitemimage function in all versions up to, and including, 9.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

10CVSS8.1AI score0.00668EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

WooCommerce Customers Manager < 29.8 - Reflected XSS

Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the HTML page/URLs below...

5.7AI score0.00315EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

CGC Maintenance Mode <= 1.2 - IP Spoofing

Description The CGC Maintenance Mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.2 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP address and bypass filtering...

3.7CVSS6.7AI score0.00479EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting

Description The All In One Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.1CVSS6.3AI score0.00418EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

iFlyChat – WordPress Chat <= 4.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The iFlyChat – WordPress Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.8AI score0.00337EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

AI WP Writer < 3.6.5.6 - Missing Authorization

Description The AI WP Writer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 3.6.5. This makes it possible for unauthenticated attackers to perform a variety of unauthorized actions...

5.3CVSS6.6AI score0.00313EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

DX-Watermark <= 1.0.4 - Cross-Site Request Forgery

Description The DX-Watermark plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to upload arbitrary files and inject malicious web...

9.6CVSS6.3AI score0.00297EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

Spin 360 deg and 3D Model Viewer <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Spin 360 deg and 3D Model Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00342EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

Social Author Bio <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The Social Author Bio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to inject malicious...

7.1CVSS6.7AI score0.00195EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Whizzy <= 1.1.18 - Missing Authorization

Description The Whizzy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.18. This makes it possible for unauthenticated attackers to perform an unauthorized action...

9.8CVSS6.4AI score0.00365EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.23 views

WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes

Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricingplans', 'blockdate', 'managerbookings', and 'updatefieldroom' functions for the 'pricing-plans', 'block-date',...

6.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.23 views

YITH WooCommerce Account Funds Premium < 1.34.0 - Missing Authorization

Description The YITH WooCommerce Account Funds Premium plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.33.0. This makes it possible for authenticated attackers, with customer-level access and above, ...

8.8CVSS6.4AI score0.00384EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

GetResponse for WordPress <= 5.5.35 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5CVSS6.3AI score0.0034EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

Import WP < 2.13.1 - Admin+ Server-side Request Forgery

Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. PoC 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce...

6.8AI score0.00568EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting

Description The Add Shortcodes Actions And Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.5AI score0.00395EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

Print Page block < 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Print Page block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.8AI score0.00352EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603