Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0061 | 1 Judge | 1 Product Reviews For Woocommerce | 2023-02-22 | N/A | 5.4 MEDIUM |
The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4473 | 1 Widget Shortcode Project | 1 Widget Shortcode | 2023-02-22 | N/A | 5.4 MEDIUM |
The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4471 | 1 Yarpp | 1 Yet Another Related Posts Plugin | 2023-02-22 | N/A | 5.4 MEDIUM |
The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2023-0075 | 1 Amazonjs Project | 1 Amazonjs | 2023-02-22 | N/A | 5.4 MEDIUM |
The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4830 | 1 Paidmembershipspro | 1 Paid Memberships Pro | 2023-02-22 | N/A | 5.4 MEDIUM |
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4783 | 1 Youtube Channel Gallery Project | 1 Youtube Channel Gallery | 2023-02-22 | N/A | 5.4 MEDIUM |
The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0060 | 1 Responsive Gallery Grid Project | 1 Responsive Gallery Grid | 2023-02-22 | N/A | 5.4 MEDIUM |
The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-25762 | 1 Jenkins | 1 Pipeline\ | 2023-02-22 | N/A | 5.4 MEDIUM |
Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. | |||||
CVE-2023-25763 | 1 Jenkins | 1 Email Extension | 2023-02-22 | N/A | 5.4 MEDIUM |
Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields. | |||||
CVE-2023-25761 | 1 Jenkins | 1 Junit | 2023-02-22 | N/A | 5.4 MEDIUM |
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin. | |||||
CVE-2023-25764 | 1 Jenkins | 1 Email Extension | 2023-02-22 | N/A | 5.4 MEDIUM |
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | |||||
CVE-2022-4488 | 1 Widgets On Pages Project | 1 Widgets On Pages | 2023-02-22 | N/A | 5.4 MEDIUM |
The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4551 | 1 Croover | 1 Rich Table Of Contents | 2023-02-22 | N/A | 5.4 MEDIUM |
The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4512 | 1 Better Font Awesome Project | 1 Better Font Awesome | 2023-02-22 | N/A | 5.4 MEDIUM |
The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4562 | 1 Mekshq | 1 Meks Flexible Shortcodes | 2023-02-22 | N/A | 5.4 MEDIUM |
The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4682 | 1 Wpgogo | 1 Lightbox-gallery | 2023-02-22 | N/A | 5.4 MEDIUM |
The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4678 | 1 Templatesnext | 1 Templatesnext Toolkit | 2023-02-22 | N/A | 5.4 MEDIUM |
The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4628 | 1 Wpplugin | 1 Easy Paypal Buy Now Button | 2023-02-22 | N/A | 5.4 MEDIUM |
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4656 | 1 Plugins-market | 1 Wp Visitor Statistics | 2023-02-22 | N/A | 5.4 MEDIUM |
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-25727 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-02-22 | N/A | 5.4 MEDIUM |
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. |