Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.20 views

Avada < 7.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.4CVSS5.9AI score0.00688EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.144 views

Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. PoC Acce...

5.3CVSS5.5AI score0.27997EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.17 views

Visualizer < 3.10.6 - Reflected Cross-Site Scripting

Description The Visualizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00445EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.20 views

WPFunnels < 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible...

5.9CVSS5.6AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.28 views

Avada < 7.11.7 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action

Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS6.5AI score0.00517EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

Multiple Page Generator Plugin – MPG < 3.4.1 - Authenticated (Editor+) Remote Code Execution

Description The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with editor-level access and above, to execute code on the server...

9.1CVSS7.9AI score0.00603EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.4 - Cross-Site Request Forgery

Description The Builder for WooCommerce reviews shortcodes – ReviewShort plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.01.3. This is due to missing or incorrect nonce validation on the wprshrtcdredirect function. This makes it possible for...

4.3CVSS6.4AI score0.00202EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.12 views

Evergreen Content Poster < 1.4.2 - Reflected Cross-Site Scripting

Description The Evergreen Content Poster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.27 views

YITH WooCommerce Product Add-Ons < 4.6.0 - Unuathenticated Cross-Site Scripting

Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.5AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.27 views

OxyExtras < 1.4.5 - Unauthenticated Cross-Site Scripting

Description The OxyExtras plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute...

7.1CVSS6.3AI score0.00372EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.22 views

Barcode Scanner with Inventory & Order Manager < 1.5.4 - Reflected Cross-Site Scripting

Description The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.3AI score0.00379EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.50 views

Avada < 7.11.7 - Authenticated (Admin+) SQL Injection via entry

Description The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.2CVSS7.3AI score0.00828EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.12 views

Zippy < 1.6.10 - Authenticated (Editor+) Arbitrary File Upload

Description The Zippy plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ZippyCore.php file in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary...

8.8CVSS7.6AI score0.00606EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

Extensions For CF7 < 3.0.7 - Unauthenticated Stored Cross-Site Scripting

Description The Extensions For CF7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

7.1CVSS6AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.24 views

WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. PoC Make a logged in admin open the URL below...

6.5AI score0.00225EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

AntiSpam for Contact Form 7 < 0.6.1 - Reflected Cross-Site Scripting

Description The AntiSpam for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

7.1CVSS6.3AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.14 views

Sitekit < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.24 views

Super Page Cache for Cloudflare < 4.7.6 - Cross-Site Request Forgery

Description The Super Page Cache for Cloudflare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.5. This is due to missing or incorrect nonce validation on the adminmenupageindex function. This makes it possible for unauthenticated attackers t...

7.1CVSS6.6AI score0.00186EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

Specific Content For Mobile – Customize the mobile version without redirections < 0.1.9.6 - Reflected Cross-Site Scripting

Description The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for...

7.1CVSS6.4AI score0.00392EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

RegistrationMagic < 5.2.6.0 - Reflected Cross-Site Scripting

Description The RegistrationMagic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

7.1CVSS6.3AI score0.00422EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.10 views

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.7.9 - Authenticated (Subscriber+) SQL Injection

Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

8.8CVSS7.5AI score0.00598EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

WP Popups < 2.1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.9CVSS5.7AI score0.00339EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.11 views

Contact Forms by Cimatti < 1.8.0 - Unauthenticated Stored Cross-Site Scripting

Description The Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6AI score0.00398EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

Invitation Code Content Restriction Plugin from CreativeMinds < 1.5.5 - Reflected Cross-Site Scripting

Description The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘targetid’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.6AI score0.00489EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.17 views

Advanced Sermons < 3.3 - Reflected Cross-Site Scripting

Description The Advanced Sermons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sermondates' parameter in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.1CVSS6.4AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

Modal Window – create popup modal window < 5.3.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.6AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.14 views

Link Library < 7.6.1 - Reflected Cross-Site Scripting

Description The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00422EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.18 views

The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

Description The plugin does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks PoC As a contributor,...

9AI score0.00495EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

WooCommerce Cloak Affiliate Links < 1.0.34 - Missing Authorization to Unauthenticated Permalink Modification

Description The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalinksettingssave' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to...

7.5CVSS6.6AI score0.00748EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.15 views

JetWidgets For Elementor < 1.0.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URL

Description The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.12 views

Coupon Affiliates < 5.12.8 - Reflected Cross-Site Scripting

Description The Coupon Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.12.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.5AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.11 views

Crisp < 0.45 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The Crisp plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.44 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrar...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

WP Calameo < 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Calameo plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.14 views

WooCommerce License Manager < 5.3.2 - Reflected Cross-Site Scripting

Description The WooCommerce License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

7.1CVSS6.3AI score0.00376EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

Plugin Permalink < 2.4.3.2 - Missing Authorization via get_uri_editor

Description The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of a...

4.3CVSS6.5AI score0.00623EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.69 views

Automatic < 3.92.1 - Unauthenticated SQL Injection

Description The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.9CVSS7.4AI score0.93971EPSS
Exploits16References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.16 views

Scrollsequence < 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Scrollsequence plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.15 views

GamiPress – Button < 1.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.7AI score0.00435EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.23 views

Everest Forms < 2.0.8 - Unauthenticated Server-Side Request Forgery via font_url

Description The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery via the 'fonturl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify...

7.2CVSS6.5AI score0.00536EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.22 views

Advanced Classifieds & Directory Pro < 3.1.2 - Missing Authorization to Arbitrary Attachment Deletion

Description The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.00539EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.26 views

Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access

Description The plugin does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts PoC Open one of the below URL as an unauthenticated user and note that password protected posts are disclosed...

6.7AI score0.16906EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.19 views

Easy Maintenance Mode <= 1.4.2 - Information Exposure

Description The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassign the protection...

5.3CVSS6.5AI score0.00435EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.13 views

WPBITS Addons For Elementor Page Builder <= 1.3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS5.7AI score0.00452EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.16 views

WooCommerce POS < 1.4.12 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure

Description The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers,...

4.3CVSS6.3AI score0.0027EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.22 views

Woomotiv < 3.5.0 - Review Count Reset via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrato...

4.3CVSS4.7AI score0.00253EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.18 views

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates < 4.5.4 - Contributor+ Stored XSS

Description The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for...

6.4CVSS5.8AI score0.00559EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.10 views

RevivePress < 1.5.6.1 - Subscriber+ Settings Update/Access

Description The plugin is vulnerable to unauthorized access and modification of data due to a missing capability check on the importdata and copydata functions. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them...

4.3CVSS5.3AI score0.00419EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.15 views

Gum Elementor Addon < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget

Description The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00435EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.14 views

Standout Color Boxes and Buttons <= 0.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS5.9AI score0.004EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.19 views

Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms < 1.82.6 - SQL Injection to Reflected Cross-Site Scripting via integration_id

Description The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integrationid’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user...

6.1CVSS7.9AI score0.01653EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities14603