Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting at
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input
The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attac
The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti
The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to, and including, 3.2
The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e
The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used ag
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform
The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-S
The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WP_EASY_FAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitiza
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform
The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai
The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insuffici
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used aga
The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when
Page 1+ Next →