essentialplugin CVE 脆弱性と CVE 一覧(9)

製品(CPE): — CVE 件数: 9

essentialplugin 脆弱性概要

essentialplugin 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting and vendor risk csrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 19 / 9 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-4194 The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. [email protected] 6.5 0.48% 2024-06-05 2026-06-17
CVE-2023-38516 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Audio Player with Playlist Ultimate plugin <= 1.2.2 versions. [email protected] 6.5 0.31% 2023-09-03 2026-06-17
CVE-2022-45818 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. [email protected] 6.5 0.36% 2023-05-04 2026-06-17
CVE-2022-38077 Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions. [email protected] 4.3 0.26% 2023-03-29 2026-06-17
CVE-2022-4791 The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. [email protected] 5.4 0.47% 2023-02-21 2026-06-17
CVE-2022-4824 The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. [email protected] 5.4 0.65% 2023-02-06 2026-06-17
CVE-2022-4747 The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. [email protected] 5.4 0.69% 2023-02-06 2026-06-17
CVE-2022-2115 The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting [email protected] 6.1 0.53% 2022-07-25 2026-06-17
CVE-2021-24883 The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks [email protected] 5.4 0.78% 2021-11-29 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence