Lucene search

Collapse-O-Matic Security Vulnerabilities - 2023

cve

CVE-2022-4475

The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-23 03:15 PM

cve

CVE-2023-32578

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Twinpictures Column-Matic plugin <= 1.3.3 versions.

6.5CVSS

5.2AI Score

0.001EPSS

2023-09-04 12:15 PM

cve

CVE-2023-40669

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions.

6.5CVSS

5.3AI Score

0.0005EPSS

2023-09-27 03:19 PM