Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-4508 | 1 Convertkit | 1 Convertkit - Email Marketing, Email Newsletter And Landing Pages | 2023-01-25 | N/A | 5.4 MEDIUM |
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. | |||||
CVE-2022-4507 | 1 Devowl | 1 Wordpress Real Cookie Banner | 2023-01-25 | N/A | 5.4 MEDIUM |
The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | |||||
CVE-2022-4483 | 1 Insert Pages Project | 1 Insert Pages | 2023-01-25 | N/A | 5.4 MEDIUM |
The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4482 | 1 Techearty | 1 Carousel, Slider, Gallery By Wp Carousel | 2023-01-25 | N/A | 5.4 MEDIUM |
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4480 | 1 Holithemes | 1 Click To Chat | 2023-01-25 | N/A | 5.4 MEDIUM |
The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4481 | 1 Extendthemes | 1 Mesmerize Companion | 2023-01-25 | N/A | 5.4 MEDIUM |
The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-4478 | 1 Fontawesome | 1 Font Awesome | 2023-01-25 | N/A | 5.4 MEDIUM |
The Font Awesome WordPress plugin before 4.3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | |||||
CVE-2022-4477 | 1 Smashballoon | 1 Smash Balloon Social Post Feed | 2023-01-25 | N/A | 5.4 MEDIUM |
The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | |||||
CVE-2022-4476 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2023-01-25 | N/A | 5.4 MEDIUM |
The Download Manager WordPress plugin before 3.2.62 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins. | |||||
CVE-2022-4469 | 1 Simple-membership-plugin | 1 Simple Membership | 2023-01-25 | N/A | 5.4 MEDIUM |
The Simple Membership WordPress plugin before 4.2.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | |||||
CVE-2022-4465 | 1 Tipsandtricks-hq | 1 Wp Video Lightbox | 2023-01-25 | N/A | 5.4 MEDIUM |
The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | |||||
CVE-2022-42462 | 1 Ip Blacklist Cloud Project | 1 Ip Blacklist Cloud | 2023-01-24 | N/A | 4.8 MEDIUM |
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions. | |||||
CVE-2023-23637 | 1 Unistra | 1 Impatient | 2023-01-24 | N/A | 7.6 HIGH |
IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information. | |||||
CVE-2023-22296 | 1 Ate-mahoroba | 6 Maho-pbx Netdevancer, Maho-pbx Netdevancer Firmware, Maho-pbx Netdevancer Mobilegate and 3 more | 2023-01-24 | N/A | 6.1 MEDIUM |
Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
CVE-2023-0327 | 1 Theradsystem Project | 1 Theradsystem | 2023-01-24 | N/A | 6.1 MEDIUM |
A vulnerability was found in saemorris TheRadSystem. It has been classified as problematic. Affected is an unknown function of the file users.php. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. VDB-218454 is the identifier assigned to this vulnerability. | |||||
CVE-2022-4460 | 1 Codelights-shortcodes-and-widgets Project | 1 Codelights-shortcodes-and-widgets | 2023-01-24 | N/A | 5.4 MEDIUM |
The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. | |||||
CVE-2022-4464 | 1 Themify | 1 Portfolio Post | 2023-01-24 | N/A | 5.4 MEDIUM |
Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. | |||||
CVE-2022-4453 | 1 3d Flipbook Project | 1 3d Flipbook | 2023-01-24 | N/A | 5.4 MEDIUM |
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators. | |||||
CVE-2022-4487 | 1 Techearty | 1 Easy Accordion | 2023-01-24 | N/A | 5.4 MEDIUM |
The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
CVE-2022-38467 | 1 Crmperks | 1 Crm Perks Forms | 2023-01-24 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. |