Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.19 views

Cards for Beaver Builder < 1.1.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via bootstrapcard link

Description The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.6AI score0.00343EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.11 views

WP Compress – Image Optimizer < 6.11.11 - Missing Authorization to Unauthenticated CDN Modification

Description The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers...

7.5CVSS6.6AI score0.00718EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.19 views

Elementor Addon Elements < 1.12.11 - Contributor+ Stored XSS

Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-wts-url' value due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.16 views

Easy Property Listings < 3.5.3 - Authenticated(Contributor+) SQL Injection via Shortcode

Description The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘propertystatus’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

8.8CVSS7.2AI score0.00773EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.11 views

WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.2 - Unauthenticated Stored Cross-Site Scripting

Description The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This...

6.1CVSS6AI score0.00374EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.17 views

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts PoC When logged in as a subscriber, open the following URL and note that the...

6.5AI score0.00451EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.16 views

360 Javascript Viewer < 1.7.13 - Missing Authorization to Plugin Settings Update

Description The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with...

4.3CVSS4.7AI score0.00497EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.14 views

ColorMag < 3.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name

Description The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level...

6.4CVSS5.9AI score0.00424EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/21 12:0 a.m.13 views

File Manager < 7.2.5 - Cross-Site Request Forgery to Local JS File Inclusion

Description The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local...

8.8CVSS6.3AI score0.10651EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.21 views

WP Fusion Lite < 3.42.10 - Authenticated (Contributor+) Remote Code Execution

Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.41.24. This makes it possible for authenticated attackers, with contributor-level access and above, to execut...

9.9CVSS7.5AI score0.01626EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

GiveWP – Donation Plugin and Fundraising Platform < 3.6.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.8AI score0.00427EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.14 views

WooThumbs for WooCommerce by Iconic < 5.5.4 - Reflected Cross-Site Scripting

Description The WooThumbs for WooCommerce by Iconic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.3AI score0.00376EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.15 views

wp-mpdf < 3.8 - Reflected Cross-Site Scripting

Description The wp-mpdf plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execu...

7.1CVSS6.2AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.14 views

Automatic < 3.92.1 - Cross-Site Request Forgery to Privilege Escalation

Description The Automatic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.92.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to escalate their privileges via a forged...

8.3CVSS6.5AI score0.00274EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.17 views

WooCommerce Google Feed Manager < 2.3.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Description The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...

5.9CVSS5.7AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.21 views

Survey Maker < 4.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.9CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.21 views

Popup Maker – Popup for opt-ins, lead gen, & more < 1.18.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

The Moneytizer < 9.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The The Moneytizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.5.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.5AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

Permalink Manager Lite and Permalink Manager pro < 2.4.3.2 - Reflected Cross-Site Scripting

Description The Permalink Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.2AI score0.00604EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.12 views

Site Reviews < 6.11.7 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.11.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject...

5.9CVSS5.8AI score0.00325EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.19 views

WP SendFox < 1.3.1 - Missing Authorization

Description The WP SendFox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the gbsf4wpprocesssync function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to process...

5.4CVSS6.7AI score0.00305EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.19 views

Calendarista Basic Edition < 3.0.3 - Unauthenticated Cross-Site Scripting

Description The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.3AI score0.00373EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.17 views

Database for Contact Form 7 < 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Database for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

7.1CVSS5.9AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

Visual Composer Website Builder < 45.7.0 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 45.6.0 due to insufficient input sanitization and...

5.9CVSS5.9AI score0.00345EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.17 views

DSGVO All in one for WP < 4.4 - Cross-Site Request Forgery

Description The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3. This is due to missing or incorrect nonce validation on the dsgvoajaxremoveusrip function. This makes it possible for unauthenticated attackers to remove...

8.8CVSS6.6AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.19 views

Permalink Manager Lite < 2.4.3.1 - Reflected Cross-Site Scripting

Description The Permalink Manager Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

Free Downloads WooCommerce < 3.5.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Free Downloads WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.7AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

Cryptocurrency Widgets – Price Ticker & Coins List < 2.6.9 - Missing Authorization

Description The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to unauthorized access due to an insufficient capability check on the ccpwposttype function in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with...

4.7CVSS6.7AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.14 views

WEN Responsive Columns < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WEN Responsive Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.20 views

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.7.9 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS7.5AI score0.00594EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

Smart Online Order for Clover < 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

SupportCandy < 3.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The SupportCandy plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...

6.5CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.26 views

Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload

Description The Pie Register plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the piesaveregistration function in versions up to, and including, 3.8.3.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...

10CVSS8.1AI score0.00612EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.21 views

Email Subscription Popup < 1.2.21 - Unauthenticated Stored Cross-Site Scripting

Description The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '$email' parameter in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.2AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.27 views

Quiz And Survey Master < 8.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.2 due to insufficient input sanitization and output escaping. This makes it...

5.9CVSS5.7AI score0.00338EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.28 views

Premmerce Permalink Manager for WooCommerce < 2.3.11 - Unauthenticated Local File Inclusion

Description The Premmerce Permalink Manager for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...

8.3CVSS8.2AI score0.0146EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.64 views

Automatic < 3.92.1 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery

Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from...

9.3CVSS6.5AI score0.72953EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

HT Easy GA4 ( Google Analytics 4 ) < 1.1.8 - Reflected Cross-Site Scripting

Description The HT Easy GA4 Google Analytics 4 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘functionorparam’ parameter in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.1CVSS6.4AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.9 views

Ticket Tailor < 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Ticket Tailor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

Five Star Restaurant Menu < 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Five Star Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.11 views

User profile < 2.0.21 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The User profile plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...

6.3CVSS5.8AI score0.00376EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.20 views

FV Flowplayer Video Player < 7.5.44.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.11 views

Contact Form 7 – PayPal & Stripe Add-on < 2.1 - Reflected Cross-Site Scripting

Description The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

7.1CVSS6.3AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

MJM Clinic < 1.1.23 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The MJM Clinic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...

6.5CVSS5.7AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.8 views

Link Whisper Free < 0.6.9 - Reflected Cross-Site Scripting

Description The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.1AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.25 views

APIExperts Square for WooCommerce < 4.3 - Reflected Cross-Site Scripting

Description The APIExperts Square for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.1CVSS6.4AI score0.0037EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.10 views

PropertyHive < 2.0.10 - Authenticated (Subscriber+) PHP Object Injection

Description The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.9 via deserialization of untrusted input through the 'body' parameter. This makes it possible for attackers, with subscriber-level access and above, to inject a PHP...

8.8CVSS7.2AI score0.00376EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.15 views

WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.5CVSS5.5AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.17 views

Table & Contact Form 7 Database – Tablesome < 1.0.28 - Reflected Cross-Site Scripting

Description The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.4AI score0.00419EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.15 views

ARMember < 4.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.23 due to insufficient input sanitization and output escaping...

5.9CVSS5.7AI score0.00334EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603