Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0366 | 1 Quick-plugins | 1 Loan Comparison | 2023-02-27 | N/A | 5.4 MEDIUM |
The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0285 | 1 Devowl | 1 Real Media Library | 2023-02-27 | N/A | 5.4 MEDIUM |
The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0271 | 1 Wp Font Awesome Project | 1 Wp Font Awesome | 2023-02-27 | N/A | 5.4 MEDIUM |
The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0232 | 1 Hasthemes | 1 Shoplentor | 2023-02-27 | N/A | 9.8 CRITICAL |
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. | |||||
CVE-2023-0231 | 1 Hasthemes | 1 Shoplentor | 2023-02-27 | N/A | 5.4 MEDIUM |
The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0067 | 1 Timed Content Project | 1 Timed Content | 2023-02-27 | N/A | 5.4 MEDIUM |
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-0059 | 1 Kainelabs | 1 Youzify | 2023-02-27 | N/A | 5.4 MEDIUM |
The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4897 | 1 Ithemes | 1 Backupbuddy | 2023-02-27 | N/A | 6.1 MEDIUM |
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting. | |||||
CVE-2022-4714 | 1 Wppool | 1 Wp Dark Mode | 2023-02-27 | N/A | 5.4 MEDIUM |
The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4752 | 1 Opening Hours Project | 1 Opening Hours | 2023-02-27 | N/A | 5.4 MEDIUM |
The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4750 | 1 Wp Responsive Testimonials Slider And Widget Project | 1 Wp Responsive Testimonials Slider And Widget | 2023-02-27 | N/A | 5.4 MEDIUM |
The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4777 | 1 Bootstrap Shortcodes Project | 1 Bootstrap Shortcodes | 2023-02-27 | N/A | 5.4 MEDIUM |
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4764 | 1 Simple File Downloader Project | 1 Simple File Downloader | 2023-02-27 | N/A | 5.4 MEDIUM |
The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4761 | 1 Post Views Count Project | 1 Post Views Count | 2023-02-27 | N/A | 5.4 MEDIUM |
The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4754 | 1 Easy Social Box Project | 1 Easy Social Box | 2023-02-27 | N/A | 5.4 MEDIUM |
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4786 | 1 Video.js Project | 1 Video.js | 2023-02-27 | N/A | 5.4 MEDIUM |
The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4785 | 1 Video Sidebar Widgets Project | 1 Video Sidebar Widgets | 2023-02-27 | N/A | 5.4 MEDIUM |
The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4784 | 1 Presscustomizr | 1 Hueman Addons | 2023-02-27 | N/A | 5.4 MEDIUM |
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2022-4791 | 1 Essentialplugin | 1 Product Slider And Carousel With Category With Woocommerce | 2023-02-27 | N/A | 5.4 MEDIUM |
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2023-1040 | 1 Online Graduate Tracer System Project | 1 Online Graduate Tracer System | 2023-02-27 | N/A | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file tracking/admin/add_acc.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221798 is the identifier assigned to this vulnerability. |