• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2023-0072
Wc Vendors Marketplace, Wcvendors
Wc_vendors_marketplace
2023-02-13
N/A
5.4 MEDIUM
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0071
Shapedplugin, Wp Tabs
Location_weather, Logo_carousel, Post_grid,_post_carousel,_&_list_category_posts, Product_slider_for_woocommerce, Real_testimonials, Wp_tabs
2023-02-07
N/A
5.4 MEDIUM
The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0070
Responsivevoice, Responsivevoice Text To Speech
Responsivevoice_text_to_speech
2023-02-13
N/A
5.4 MEDIUM
The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0067
Timed Content Project
Timed_content
2023-02-21
N/A
N/A
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0062
Ean For Woocommerce, Wpfactory
Download_plugins_and_themes_from_dashboard, Ean_for_woocommerce
2023-02-13
N/A
5.4 MEDIUM
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0061
Judge, Product Reviews For Woocommerce
Product_reviews_for_woocommerce
2023-02-23
N/A
5.4 MEDIUM
The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0060
Responsive Gallery Grid Project
Responsive_gallery_grid
2023-02-23
N/A
5.4 MEDIUM
The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0059
Kainelabs, Youzify
Youzify
2023-02-21
N/A
N/A
The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0057
Pyload, Pyload-ng Project
Pyload-ng
2023-01-11
N/A
6.1 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.
CVE-2023-0055
Pyload
2023-01-11
N/A
5.3 MEDIUM
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.
« Previous 1 … 11,250 11,251 11,252 11,253 11,254 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE