Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8301-8320 of 10866 records
Threat Entry Updated 2024-11-21

CVE-2023-5116 - Live Updates From Excel Plugin

The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Live Updates From Excel

CVE-2023-5116

MEDIUM CVSS 6.4 2023-10-31
Threat Entry Updated 2024-11-21

CVE-2023-5073 - Iframe Forms Plugin

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Iframe Forms

CVE-2023-5073

MEDIUM CVSS 6.4 2023-10-31
Threat Entry Updated 2024-11-21

CVE-2023-5114 - Idbbee Plugin

The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Idbbee

CVE-2023-5114

MEDIUM CVSS 5.4 2023-10-31
Threat Entry Updated 2024-11-21

CVE-2023-5666 - Accordion Plugin

The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Accordion

CVE-2023-5666

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5566 - Simple Shortcodes Plugin

The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Simple Shortcodes

CVE-2023-5566

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5565 - Shortcod Menu Plugin

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shortcod Menu

CVE-2023-5565

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5362 - Carousel Recent Post Slider And Banner Slider Plugin

The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Carousel Recent Post Slider And Banner Slider

CVE-2023-5362

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5335 - Buzzsprout Plugin

The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Buzzsprout

CVE-2023-5335

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5252 - Fareharbor Plugin

The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Fareharbor

CVE-2023-5252

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5250 - Grid Plus Plugin

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files.

PLUGIN Grid Plus

CVE-2023-5250

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5164 - Bellows Accordion Menu Plugin

The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Bellows Accordion Menu

CVE-2023-5164

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5049 - Rafflepress Plugin

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Rafflepress

CVE-2023-5049

MEDIUM CVSS 6.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5251 - Grid Plus Plugin

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.

PLUGIN Grid Plus

CVE-2023-5251

MEDIUM CVSS 5.4 2023-10-30
Threat Entry Updated 2024-11-21

CVE-2023-5821 - Thumbnail Carousel Slider Plugin

The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Thumbnail Carousel Slider

CVE-2023-5821

MEDIUM CVSS 4.3 2023-10-27
Threat Entry Updated 2024-11-21

CVE-2023-5705 - Vk Filter Search Plugin

The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Vk Filter Search

CVE-2023-5705

MEDIUM CVSS 6.4 2023-10-27
Threat Entry Updated 2024-11-21

CVE-2023-5817 - Neon Text Plugin

The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Neon Text

CVE-2023-5817

MEDIUM CVSS 6.4 2023-10-27
Threat Entry Updated 2024-11-21

CVE-2023-5774 - Animated Counters Plugin

The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Animated Counters

CVE-2023-5774

MEDIUM CVSS 6.4 2023-10-27
Threat Entry Updated 2024-11-21

CVE-2023-5051 - Callrail Phone Call Tracking Plugin

The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Callrail Phone Call Tracking

CVE-2023-5051

MEDIUM CVSS 6.4 2023-10-27