Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0178 | 1 Twinpictures | 1 Annual Archive | 2023-02-14 | N/A | 5.4 MEDIUM |
The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0236 | 1 Themeum | 1 Tutor Lms | 2023-02-14 | N/A | 6.1 MEDIUM |
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |||||
CVE-2023-0174 | 1 Rextheme | 1 Wp Vr | 2023-02-14 | N/A | 5.4 MEDIUM |
The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0173 | 1 Getwpfunnels | 1 Drag & Drop Sales Funnel Builder | 2023-02-14 | N/A | 5.4 MEDIUM |
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0171 | 1 Twinpictures | 1 Jquery T(-) Countdown Widget | 2023-02-14 | N/A | 5.4 MEDIUM |
The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0170 | 1 Bplugins | 1 Html5 Audio Player | 2023-02-14 | N/A | 5.4 MEDIUM |
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0147 | 1 Flexible Captcha Project | 1 Flexible Captcha | 2023-02-14 | N/A | 5.4 MEDIUM |
The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0153 | 1 Vimeo Video Autoplay Automute Project | 1 Vimeo Video Autoplay Automute | 2023-02-14 | N/A | 5.4 MEDIUM |
The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0154 | 1 Gamipress | 1 Gamipress | 2023-02-14 | N/A | 5.4 MEDIUM |
The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0148 | 1 Vilyon | 1 Gallery Factory Lite | 2023-02-14 | N/A | 5.4 MEDIUM |
The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0149 | 1 Wordprezi Project | 1 Wordprezi | 2023-02-14 | N/A | 5.4 MEDIUM |
The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4677 | 1 Mapsmarker | 1 Leaflet Maps Marker | 2023-02-13 | N/A | 5.4 MEDIUM |
The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4670 | 1 Pdf.js Viewer Project | 1 Pdf.js Viewer | 2023-02-13 | N/A | 5.4 MEDIUM |
The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4626 | 1 Passwordprotectwp | 1 Password Protect Wordpress | 2023-02-13 | N/A | 5.4 MEDIUM |
The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2017-20177 | 1 Wangguard Project | 1 Wangguard | 2023-02-13 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability. | |||||
CVE-2015-10073 | 1 Tinymighty | 1 Wikiseo | 2023-02-13 | N/A | 9.6 CRITICAL |
A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215. | |||||
CVE-2018-25080 | 1 Mobile Detect Project | 1 Mobile Detect | 2023-02-13 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. | |||||
CVE-2022-4762 | 1 Extendthemes | 1 Materialis Companion | 2023-02-13 | N/A | 5.4 MEDIUM |
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4756 | 1 My Youtube Channel Project | 1 My Youtube Channel | 2023-02-13 | N/A | 5.4 MEDIUM |
The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4824 | 1 Essentialplugin | 1 Wp Blog And Widget | 2023-02-13 | N/A | 5.4 MEDIUM |
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. |