Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-0067 |
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0059 |
The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4897 |
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-4791 |
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4786 |
The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4785 |
The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4784 |
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4777 |
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4764 |
The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4761 |
The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4754 |
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4752 |
The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4750 |
The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4714 |
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4669 |
The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4666 |
The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4622 |
The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4386 |
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2022-4385 |
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2020-36656 |
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |