CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-4948 The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up t... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-49611 Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects Product Webs... | 10.0 | CRITICAL | — | 0 |
| CVE-2023-4963 The WS Facebook Like Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sa... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-4994 The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with s... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-5001 The Horizontal scrolling announcement plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-3025 The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to... | 7.2 | HIGH | — | 0 |
| CVE-2023-5054 The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the... | 5.8 | MEDIUM | — | 0 |
| CVE-2023-4716 The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-4774 The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input s... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5125 The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5134 The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the info... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-5135 The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5161 The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on ... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5162 The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input saniti... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5230 The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5233 The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and... | 6.4 | MEDIUM | — | 0 |
| CVE-2006-1435 Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Mes... | N/A | NONE | — | 0 |
| CVE-2023-5201 The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level perm... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-5295 The Comments by Startbit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization an... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5334 The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-3213 The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This mak... | 5.3 | MEDIUM | — | 0 |
| CVE-2006-0571 Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | N/A | NONE | — | 0 |
| CVE-2023-5291 The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and outp... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5357 The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output e... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-4469 The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, a... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-5467 The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping o... | 6.4 | MEDIUM | — | 0 |
| CVE-2006-1438 Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) in... | N/A | NONE | — | 0 |
| CVE-2023-4995 The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output es... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-1259 The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping.... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-3254 The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setu... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-5538 The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and outp... | 7.2 | HIGH | — | 0 |
| CVE-2024-49630 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DevItems WP Education wp-education allows Stored XSS.This issue affects WP Education: from n/a thr... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-4938 The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-5621 The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitizat... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-4645 The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sen... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-5336 The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping o... | 8.8 | HIGH | — | 0 |
| CVE-2023-5638 The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5639 The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input saniti... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5204 The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5212 The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with s... | 9.6 | CRITICAL | — | 0 |
| CVE-2023-5254 The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated att... | 5.3 | MEDIUM | — | 0 |
| CVE-2006-0572 phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. | N/A | NONE | — | 0 |
| CVE-2023-5613 The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2021-4335 The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in version... | 6.3 | MEDIUM | — | 0 |
| CVE-2021-4353 The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-4712 The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible... | 7.2 | HIGH | — | 0 |
| CVE-2023-4920 The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. T... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-5200 The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escap... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-5414 The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read ... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-5576 The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext ... | 8.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.