) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Wordpress
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-0371 |
The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-0366 |
The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-0285 |
The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-0271 |
The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-0232 |
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. Published: February 21, 2023; 4:15:12 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-0231 |
The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:12 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-0067 |
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-0059 |
The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4897 |
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-4791 |
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4786 |
The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4785 |
The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4784 |
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4777 |
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4764 |
The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4761 |
The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4754 |
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4752 |
The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4750 |
The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-4714 |
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |