Filtered by vendor Wpshopmart
Subscribe
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36857 | 1 Wpshopmart | 1 Testimonial Builder | 2022-08-23 | N/A | 5.4 MEDIUM |
| Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | |||||
| CVE-2021-24191 | 1 Wpshopmart | 1 Coming Soon Page \& Maintenance Mode | 2022-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | |||||
| CVE-2022-1298 | 1 Wpshopmart | 1 Tabs Responsive | 2022-05-27 | 3.5 LOW | 4.8 MEDIUM |
| The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24598 | 1 Wpshopmart | 1 Testimonial Builder | 2021-11-19 | 3.5 LOW | 4.8 MEDIUM |
| The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2018-5312 | 1 Wpshopmart | 1 Tabs Responsive | 2018-01-26 | 3.5 LOW | 5.4 MEDIUM |
| The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. | |||||