Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4776 | 1 Caterhamcomputing | 1 Cc Child Pages | 2023-02-06 | N/A | 5.4 MEDIUM |
The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4765 | 1 Pwrplugins | 1 Portfolio For Elementor | 2023-02-06 | N/A | 5.4 MEDIUM |
The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4749 | 1 Infornweb | 1 Posts List Designer | 2023-02-06 | N/A | 5.4 MEDIUM |
The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4699 | 1 Mediaelement.js Project | 1 Mediaelement.js | 2023-02-06 | N/A | 5.4 MEDIUM |
The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. | |||||
CVE-2022-4667 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2023-02-06 | N/A | 5.4 MEDIUM |
The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4671 | 1 Pixelgrade | 1 Pixcodes | 2023-02-06 | N/A | 5.4 MEDIUM |
The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4654 | 1 Fatcatapps | 1 Pricing Tables | 2023-02-06 | N/A | 5.4 MEDIUM |
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
CVE-2022-4651 | 1 Justified Gallery Project | 1 Justified Gallery | 2023-02-06 | N/A | 5.4 MEDIUM |
The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
CVE-2022-4649 | 1 Wp Extended Search Project | 1 Wp Extended Search | 2023-02-06 | N/A | 5.4 MEDIUM |
The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
CVE-2022-4835 | 1 Linksalpha | 1 Social Sharing Toolkit | 2023-02-06 | N/A | 5.4 MEDIUM |
The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4834 | 1 Cpt Bootstrap Carousel Project | 1 Cpt Bootstrap Carousel | 2023-02-06 | N/A | 5.4 MEDIUM |
The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4831 | 1 Paidmembershipspro | 1 Custom User Profile Fields For User Registration | 2023-02-06 | N/A | 5.4 MEDIUM |
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4828 | 1 Bold-themes | 1 Bold Timeline Lite | 2023-02-06 | N/A | 5.4 MEDIUM |
The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4793 | 1 Solwininfotech | 1 Blog Designer | 2023-02-06 | N/A | 5.4 MEDIUM |
The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
CVE-2022-4792 | 1 Infornweb | 1 News & Blog Designer Pack | 2023-02-06 | N/A | 5.4 MEDIUM |
The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
CVE-2022-46087 | 1 Cloudschool Project | 1 Cloudschool | 2023-02-06 | N/A | 5.4 MEDIUM |
CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. | |||||
CVE-2021-24213 | 1 Givewp | 1 Givewp | 2023-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page. | |||||
CVE-2021-24315 | 1 Givewp | 1 Givewp | 2023-02-06 | 3.5 LOW | 4.8 MEDIUM |
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.4 did not sanitise or escape the Background Image field of its Stripe Checkout Setting and Logo field in its Email settings, leading to authenticated (admin+) Stored XSS issues. | |||||
CVE-2019-15317 | 1 Givewp | 1 Givewp | 2023-02-06 | 3.5 LOW | 5.4 MEDIUM |
The give plugin before 2.4.7 for WordPress has XSS via a donor name. | |||||
CVE-2019-9909 | 1 Givewp | 1 Givewp | 2023-02-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS. |