Search Results

Search Parameters:
  • Keyword (text search): wordpress
There are 8,718 matching records.
Displaying matches 3,001 through 3,020.
Vuln ID Summary CVSS Severity
CVE-2023-0541

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:13 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0540

The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:13 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0492

The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:13 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0453

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allows any authenticated user to access private messages belonging to other users by tampering with the ID.

Published: February 21, 2023; 4:15:13 AM -0500
V3.1: 4.3 MEDIUM
V2.0: (not available)
CVE-2023-0442

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject JavaScript into the site via a crafted URL.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 6.1 MEDIUM
V2.0: (not available)
CVE-2023-0429

The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 4.8 MEDIUM
V2.0: (not available)
CVE-2023-0428

The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 6.1 MEDIUM
V2.0: (not available)
CVE-2023-0419

The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0380

The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0378

The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0375

The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0372

The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0371

The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0366

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0285

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0271

The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0232

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 9.8 CRITICAL
V2.0: (not available)
CVE-2023-0231

The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:12 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0067

The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)
CVE-2023-0059

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Published: February 21, 2023; 4:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0: (not available)