U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Wordpress
  • Search Type: Search All
There are 8,340 matching records.
Displaying matches 2,641 through 2,660.
Vuln ID Summary CVSS Severity
CVE-2023-0067

The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-0059

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4897

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-4791

The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4786

The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4785

The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4784

The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4777

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4764

The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4761

The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4754

The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4752

The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4750

The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4714

The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4669

The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4666

The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4622

The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4386

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-4385

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2020-36656

The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Published: February 21, 2023; 4:15:10 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)