• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0214
Skyhigh Secure Web Gateway, Trellix
Data_loss_prevention, Intelligent_sandbox, Intrusion_prevention_system_manager, Skyhigh_secure_web_gateway
2023-01-25
N/A
6.1 MEDIUM
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
CVE-2023-0178
Twinpictures
Annual_archive, Collapse-o-matic, Jquery_t(-)_countdown_widget
2023-02-14
N/A
5.4 MEDIUM
The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0177
Social Like Box And Page, Wpdevart
Booking_calendar, Coming_soon_and_maintenance_mode, Countdown_and_countup,_woocommerce_sales_timer, Download_image_and_video_lightbox,_image_popup, Duplicate_page_or_post, Gallery, Image_and_video_gallery_with_thumbnails, Organization_chart, Poll,_survey,_questionnaire_and_voting_system, Pricing_table_builder
2023-02-15
N/A
5.4 MEDIUM
The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0176
Giveaways And Contests By Rafflepress, Rafflepress
Giveaways_and_contests_by_rafflepress
2023-02-14
N/A
5.4 MEDIUM
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0174
Rextheme, Wp Vr
Wp_vr
2023-02-14
N/A
5.4 MEDIUM
The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0173
Getwpfunnels
Drag_&_drop_sales_funnel_builder
2023-02-14
N/A
5.4 MEDIUM
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0171
Twinpictures
Annual_archive, Collapse-o-matic, Jquery_t(-)_countdown_widget
2023-02-14
N/A
5.4 MEDIUM
The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0170
Bplugins
Document_embedder, Easy_twitter_feed, Html5_audio_player, Polo_video_gallery, Streamcast_radio_player
2023-02-14
N/A
5.4 MEDIUM
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0169
Zohocorp
Manageengine_adselfservice_plus, Application_control_plus, Desktop_central, Firewall_analyzer, Log360, Manageengine_access_manager_plus, Manageengine_ad360, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_analytics_plus
2023-02-15
N/A
5.4 MEDIUM
The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0166
Pickplugins
Accordion, Breadcrumb, Post_grid, Team_showcase, User_verification
2023-02-15
N/A
5.4 MEDIUM
The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
« Previous 1 … 11,243 11,244 11,245 11,246 11,247 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE