Search Results
- Results Type: Overview
- Keyword (text search): wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-0099 | The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-0098 | The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available to any authenticated user, leading to a SQL injection exploitable by low privilege users such as subscriber. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2023-0080 | The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non-PHP files and retrieve their content. RCE could also be achieved if the attacker manages to upload a malicious image containing PHP code and then include it via the affected attribute; on a default WP install, authors could easily achieve that given that they have the upload_file capability. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2023-0075 | The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0061 | The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0060 | The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-0034 | The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4830 | The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 13, 2023; 10:15:20 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4783 | The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:19 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4759 | The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:19 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4745 | The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and, for example, create arbitrary folders or copy files. Published: February 13, 2023; 10:15:19 AM -0500 | V3.1: 7.1 HIGH V2.0: (not available) |
CVE-2022-4682 | The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:19 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4678 | The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:19 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4656 | The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:18 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4628 | The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:18 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4580 | The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:18 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4562 | The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 13, 2023; 10:15:17 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4551 | The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:17 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2022-4546 | The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Published: February 13, 2023; 10:15:17 AM -0500 | V3.1: 7.2 HIGH V2.0: (not available) |
CVE-2022-4512 | The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 13, 2023; 10:15:17 AM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |