Shariff Wrapper@* Security Vulnerabilities and Issues — Shariff Wrapper@* CVE List

Lucene search

DatenverwurstungszentraleShariff Wrapper*

7 matches found

CVE•added 2024/02/27 9:15 a.m.•5720 views

CVE-2024-1106

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

6.1CVSS5.7AI score0.00193EPSS

CVE•added 2024/03/19 3:15 p.m.•50 views

CVE-2024-29109

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10.

6.5CVSS6.4AI score0.00051EPSS

CVE•added 2024/06/20 7:15 a.m.•49 views

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

9.8CVSS10AI score0.03147EPSS

CVE•added 2024/06/15 9:15 a.m.•38 views

CVE-2024-2695

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This...

6.4CVSS5.9AI score0.00064EPSS

CVE•added 2024/03/21 2:50 a.m.•37 views

CVE-2023-6500

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'. Thi...

6.4CVSS7.6AI score0.00094EPSS

CVE•added 2024/03/21 2:51 a.m.•32 views

CVE-2024-0966

6.4CVSS7.7AI score0.00109EPSS

CVE•added 2024/03/21 2:51 a.m.•30 views

CVE-2024-1450

The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for ...

6.4CVSS7.6AI score0.00109EPSS