Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which coul
The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is e
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which po
The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which c
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sa
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, wh
The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and
The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitiz
The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could all
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action th
The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficie
The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users w
The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21 due to insufficient inp
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could all
The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitizat
The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_list' parameter in the [list-attachments] shortcode in all versions up to, and includin
The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to insufficien
The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which c
The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow use
Page 1+ Next →