Search Results (Refine Search)
- Keyword (text search): wordpress
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-4897 |
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2022-4791 |
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4786 |
The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4785 |
The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4784 |
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4777 |
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4764 |
The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4761 |
The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4754 |
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4752 |
The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4750 |
The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4714 |
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack Published: February 21, 2023; 4:15:11 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4669 |
The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4666 |
The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4622 |
The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4386 |
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2022-4385 |
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2020-36656 |
The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. Published: February 21, 2023; 4:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2016-15027 |
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496. Published: February 20, 2023; 12:15:11 PM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2012-10007 |
A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The patch is named 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479. Published: February 19, 2023; 11:15:16 AM -0500 |
V3.1: 6.1 MEDIUM V2.0:(not available) |