Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 808
Critical: 39
High: 132
Medium: 616
Showing 341-360 of 808 records
Threat Entry Updated 2024-11-21

CVE-2023-0076 - Before 1 Plugin

The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0076

MEDIUM CVSS 5.4 2023-03-06
Threat Entry Updated 2024-11-21

CVE-2023-0539 - Before 1 Plugin

The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0539

MEDIUM CVSS 5.4 2023-02-27
Threat Entry Updated 2025-03-14

CVE-2023-0559 - Before 1 Plugin

The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0559

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-12

CVE-2023-0541 - Before 1 Plugin

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0541

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-13

CVE-2023-0540 - Before 1 Plugin

The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0540

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-14

CVE-2023-0492 - Before 1 Plugin

The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0492

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-12

CVE-2023-0442 - Before 1 Plugin

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject JavaScript into the site via a crafted URL.

PLUGIN Before 1

CVE-2023-0442

MEDIUM CVSS 6.1 2023-02-21
Threat Entry Updated 2025-03-12

CVE-2023-0419 - Before 1 Plugin

The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0419

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-13

CVE-2023-0371 - Before 1 Plugin

The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0371

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-12

CVE-2023-0366 - Before 1 Plugin

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0366

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-14

CVE-2023-0271 - Before 1 Plugin

The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0271

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-12

CVE-2023-0059 - Before 1 Plugin

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0059

MEDIUM CVSS 5.4 2023-02-21
Threat Entry Updated 2025-03-21

CVE-2023-0379 - Before 1 Plugin

The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0379

MEDIUM CVSS 5.4 2023-02-13
Threat Entry Updated 2025-03-21

CVE-2023-0373 - Before 1 Plugin

The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0373

MEDIUM CVSS 5.4 2023-02-13
Threat Entry Updated 2025-03-21

CVE-2023-0362 - Before 1 Plugin

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0362

MEDIUM CVSS 5.4 2023-02-13
Threat Entry Updated 2025-03-21

CVE-2023-0405 - Before 1 Plugin

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

PLUGIN Before 1

CVE-2023-0405

MEDIUM CVSS 4.3 2023-02-13
Threat Entry Updated 2025-03-20

CVE-2023-0360 - Before 1 Plugin

The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0360

MEDIUM CVSS 5.4 2023-02-13
Threat Entry Updated 2024-11-21

CVE-2023-0159 - Before 1 Plugin

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the host's file system. This may be escalated to RCE using PHP filter chains.

PLUGIN Before 1

CVE-2023-0159

HIGH CVSS 7.5 2023-02-13
Threat Entry Updated 2025-03-21

CVE-2023-0166 - Before 1 Plugin

The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0166

MEDIUM CVSS 5.4 2023-02-13
Threat Entry Updated 2025-03-21

CVE-2023-0061 - Before 1 Plugin

The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PLUGIN Before 1

CVE-2023-0061

MEDIUM CVSS 5.4 2023-02-13