Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization func
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient i
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions
The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output e
The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization an
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and
The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient i
The WP Tournament Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘field’ parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitiz
The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field in all versions up to, and including, 1.0.0 due to insufficient input saniti
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitizat
The HTML Forms – Simple WordPress Forms Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.5 due to insufficient inpu
The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output es
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitiz
The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization a
The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user
The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 0.5 due to insufficient input sanitization and ou
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sa
The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitizat
The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input san
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitizatio
Page 1+ Next →