Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): wordpress
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-0146 |
The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0144 |
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0143 |
The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0096 |
The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:13 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0095 |
The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0082 |
The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0081 |
The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0072 |
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0070 |
The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-0062 |
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4838 |
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4836 |
The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4833 |
The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4826 |
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4825 |
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4824 |
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4762 |
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4756 |
The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4747 |
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4717 |
The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Published: February 06, 2023; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0:(not available) |