Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): XSS Wordpress
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-23508 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS.This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17. Published: January 31, 2024; 11:15:47 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-7089 |
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Published: January 29, 2024; 10:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6503 |
The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. Published: January 29, 2024; 10:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-7084 |
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks Published: January 16, 2024; 11:15:14 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-7083 |
The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Published: January 16, 2024; 11:15:13 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0824 |
The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. Published: January 16, 2024; 11:15:10 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-0479 |
The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding. Published: January 16, 2024; 11:15:10 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-3194 |
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. Published: January 16, 2024; 11:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-1618 |
The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads Published: January 16, 2024; 11:15:09 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-1617 |
The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them Published: January 16, 2024; 11:15:09 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2021-24567 |
The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. Published: January 16, 2024; 11:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6529 |
The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. Published: January 08, 2024; 2:15:10 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-6141 |
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. Published: January 08, 2024; 2:15:10 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-52124 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs – Responsive Tabs Plugin for WordPress: from n/a through 2.2.0. Published: January 05, 2024; 7:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-6000 |
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. Published: January 01, 2024; 10:15:43 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-50893 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4. Published: December 29, 2023; 7:15:45 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-50892 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1. Published: December 29, 2023; 7:15:45 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-50891 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress – Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress – Zoho Forms: from n/a through 3.0.1. Published: December 29, 2023; 7:15:45 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-50889 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder – WordPress Page Builder allows Stored XSS.This issue affects Beaver Builder – WordPress Page Builder: from n/a through 2.7.2. Published: December 29, 2023; 7:15:45 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-50879 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. Published: December 29, 2023; 7:15:44 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |