Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-0603 |
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-0544 |
The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-0542 |
The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0537 |
The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0536 |
The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0526 |
The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0522 |
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-0514 |
The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-0421 |
The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-0280 |
The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0268 |
The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: May 08, 2023; 10:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0267 |
The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: May 08, 2023; 10:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4118 |
The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users Published: May 08, 2023; 10:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-25021 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions. Published: May 08, 2023; 8:15:09 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2017-20183 |
A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The patch is identified as 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. Published: May 04, 2023; 9:15:08 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-26017 |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions. Published: May 03, 2023; 12:15:10 PM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-23708 |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions. Published: May 03, 2023; 9:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-22713 |
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions. Published: May 03, 2023; 8:16:45 AM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-25797 |
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. Published: May 03, 2023; 7:15:13 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-1196 |
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. Published: May 02, 2023; 5:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |