CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2023-0072

Wc Vendors Marketplace, Wcvendors

Wc_vendors_marketplace

2023-02-13

N/A

5.4 MEDIUM

The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0071

Shapedplugin, Wp Tabs

Location_weather, Logo_carousel, Post_grid,_post_carousel,_&_list_category_posts, Product_slider_for_woocommerce, Real_testimonials, Wp_tabs

2023-02-07

N/A

5.4 MEDIUM

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0070

Responsivevoice, Responsivevoice Text To Speech

Responsivevoice_text_to_speech

2023-02-13

N/A

5.4 MEDIUM

The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0067

Timed Content Project

Timed_content

2023-02-21

N/A

The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0062

Ean For Woocommerce, Wpfactory

Download_plugins_and_themes_from_dashboard, Ean_for_woocommerce

2023-02-13

N/A

5.4 MEDIUM

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0061

Judge, Product Reviews For Woocommerce

Product_reviews_for_woocommerce

2023-02-23

N/A

5.4 MEDIUM

The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0060

Responsive Gallery Grid Project

Responsive_gallery_grid

2023-02-23

N/A

5.4 MEDIUM

The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0059

Kainelabs, Youzify

Youzify

2023-02-21

N/A

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2023-0057

Pyload, Pyload-ng Project

Pyload-ng

2023-01-11

N/A

6.1 MEDIUM

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.

CVE-2023-0055

Pyload

2023-01-11

N/A

5.3 MEDIUM

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.

« Previous 1 … 11,250 11,251 11,252 11,253 11,254 … 11,258 Next »