Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0271 | 1 Wp Font Awesome Project | 1 Wp Font Awesome | 2023-02-27 | N/A | 5.4 MEDIUM |
The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0231 | 1 Hasthemes | 1 Shoplentor | 2023-02-27 | N/A | 5.4 MEDIUM |
The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0067 | 1 Timed Content Project | 1 Timed Content | 2023-02-27 | N/A | 5.4 MEDIUM |
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0059 | 1 Kainelabs | 1 Youzify | 2023-02-27 | N/A | 5.4 MEDIUM |
The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4714 | 1 Wppool | 1 Wp Dark Mode | 2023-02-27 | N/A | 5.4 MEDIUM |
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4897 | 1 Ithemes | 1 Backupbuddy | 2023-02-27 | N/A | 6.1 MEDIUM |
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting. | |||||
CVE-2022-4752 | 1 Opening Hours Project | 1 Opening Hours | 2023-02-27 | N/A | 5.4 MEDIUM |
The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4750 | 1 Wp Responsive Testimonials Slider And Widget Project | 1 Wp Responsive Testimonials Slider And Widget | 2023-02-27 | N/A | 5.4 MEDIUM |
The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4777 | 1 Bootstrap Shortcodes Project | 1 Bootstrap Shortcodes | 2023-02-27 | N/A | 5.4 MEDIUM |
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4764 | 1 Simple File Downloader Project | 1 Simple File Downloader | 2023-02-27 | N/A | 5.4 MEDIUM |
The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4754 | 1 Easy Social Box Project | 1 Easy Social Box | 2023-02-27 | N/A | 5.4 MEDIUM |
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4761 | 1 Post Views Count Project | 1 Post Views Count | 2023-02-27 | N/A | 5.4 MEDIUM |
The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4786 | 1 Video.js Project | 1 Video.js | 2023-02-27 | N/A | 5.4 MEDIUM |
The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4784 | 1 Presscustomizr | 1 Hueman Addons | 2023-02-27 | N/A | 5.4 MEDIUM |
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4785 | 1 Video Sidebar Widgets Project | 1 Video Sidebar Widgets | 2023-02-27 | N/A | 5.4 MEDIUM |
The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4791 | 1 Essentialplugin | 1 Product Slider And Carousel With Category With Woocommerce | 2023-02-27 | N/A | 5.4 MEDIUM |
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2019-17003 | 1 Mozilla | 1 Firefox | 2023-02-27 | N/A | 6.1 MEDIUM |
Scanning a QR code that contained a javascript: URL would have resulted in the JavaScript being executed. | |||||
CVE-2023-22638 | 1 Fortinet | 1 Fortinac | 2023-02-27 | N/A | 5.4 MEDIUM |
Several improper neutralization of input during web page generation [CWE-79] vulnerabilities in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. | |||||
CVE-2020-13827 | 1 Phplist | 1 Phplist | 2023-02-27 | 4.3 MEDIUM | 6.1 MEDIUM |
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | |||||
CVE-2022-41334 | 1 Fortinet | 1 Fortios | 2023-02-27 | N/A | 6.1 MEDIUM |
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. |