Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

WP Post Disclaimer < 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Post Disclaimer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the content disclaimer in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.18 views

SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting

Description The SEO Backlink Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address

Description The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for...

4.3CVSS6.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.19 views

Fancy Comments WordPress < 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Fancy Comments WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's facebookcommentsshortcode shortcode function in all versions up to, and including, 1.2.14 due to insufficient input sanitization and output escaping on user supplied...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Post Grid, Slider & Carousel Ultimate < 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.18 views

Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more < 4.5.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 4.5.24 due to insufficient input sanitization and...

6.5CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.13 views

WP Change Email Sender < 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Change Email Sender plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.10 views

ReDi Restaurant Reservation < 24.0303 - Reflected Cross-Site Scripting

Description The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 24.0128 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

7.1CVSS6.5AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.18 views

Slider Hero < 8.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Slider Hero with Animation, Video Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.9CVSS5.7AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

Description The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated...

8.8CVSS6.3AI score0.00414EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

Exclusive Addons Elementor < 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Exclusive Addons Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.18 views

iCalendrier < 1.81 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The iCalendrier plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.19 views

Photo Gallery by Supsystic < 1.15.17 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.21 views

RoyalSlider < 3.4.3 - Reflected Cross-Site Scripting

Description The RoyalSlider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Frontend Dashboard < 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Frontend Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

6.5CVSS5.9AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

StreamWeasels Twitch Integration < 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.1 - Reflected Cross-Site Scripting

Description The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting parameter in versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.3AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.12 views

RegistrationMagic < 5.3.1.0 - Cross-Site Request Forgery

Description The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

4.3CVSS6.5AI score0.00218EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

List category posts < 0.89.7 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on user supplied attributes like 'titletag'. This makes it possible for authenticated attackers with contributor-level and above...

6.4CVSS5.8AI score0.0045EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.12 views

Master Addons for Elementor < 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.5CVSS5.9AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

Photo Gallery by Ays < 5.5.3 - Reflected Cross-Site Scripting

Description The Photo Gallery by Ays plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

7.1CVSS6.5AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.22 views

Hot Random Image < 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

6.5CVSS5.9AI score0.00348EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

Locatoraid Store Locator < 3.9.31 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.9.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

WP Fast Total Search < 1.60.213 - Authenticated (Contributor+) Stored Cross-Site Scripting via WPFTS Live Search Widget

Description The WP Fast Total Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the WPFTS Live Search widget in versions up to, and including, 1.59.211 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.18 views

Tutor LMS Elementor Addons < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.13 views

WP-Lister Lite for Amazon < 2.6.9 - Reflected Cross-Site Scripting

Description The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.1CVSS6.3AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.12 views

WishSuite < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

Survey Maker < 4.0.7 - Reflected Cross-Site Scripting

Description The Survey Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00385EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.12 views

GS Pins for Pinterest < 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode

Description The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping o...

5.9AI score0.00271EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Grid Shortcodes < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.19 views

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

7.1CVSS5.8AI score0.00421EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.21 views

Off-Canvas Sidebars & Menus (Slidebars) < 0.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Off-Canvas Sidebars & Menus Slidebars plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

WordPress Importer < 1.0.5 - Reflected Cross-Site Scripting

Description The WordPress Importer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.3AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.12 views

Web Icons < 1.0.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Web Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.0.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.5CVSS5.9AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.13 views

EventPrime < 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The EventPrime plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.9AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

ElementsKit Elementor addons < 3.0.7 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the button ID parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will...

6.4CVSS5.8AI score0.0035EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

Premium Packages < 5.8.3 - Reflected Cross-Site Scripting

Description The Premium Packages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.4AI score0.00354EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.13 views

Gratisfaction < 4.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Gratisfaction plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

MailChimp Forms by MailMunch < 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.9AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

Simply Static < 3.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Simply Static plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.8AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.11 views

Creative Addons for Elementor < 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00327EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

Travelers' Map < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Travelers' Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

WP-Members Membership Plugin < 3.4.9.3 - Unauthenticated Stored Cross-Site Scripting

Description The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6.1AI score0.00675EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.21 views

Molongui < 4.7.8 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrar...

6.5CVSS5.9AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.12 views

WP-Lister Lite for Amazon < 2.6.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00357EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.14 views

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin < 1.26.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Block HTML in all versions up to, and including, 1.26.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.5CVSS5.7AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.16 views

WPFront Notification Bar < 3.4 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

5.9CVSS5.7AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.17 views

Shipping with Venipak for WooCommerce < 1.19.6 - Reflected Cross-Site Scripting via 'venipak_labels_link'

Description The Shipping with Venipak for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'venipaklabelslink' parameter in versions up to, and including, 1.19.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.5AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.15 views

Buddypress Moderation <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting

Description The Buddypress Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.3CVSS6.2AI score0.00351EPSS
Exploits0References1
Total number of security vulnerabilities14603