oxilab 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-37122 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS.This issue affects Accordions: from n/a through 2.3.5. | [email protected] | 5.9 | 0.08% | 2024-07-22 | 2024-11-21 |
| CVE-2024-37121 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5. | [email protected] | 5.9 | 0.09% | 2024-07-22 | 2024-11-21 |
| CVE-2024-37120 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.This issue affects Tabs: from n/a through 4.0.6. | [email protected] | 5.9 | 0.09% | 2024-07-22 | 2024-11-21 |
| CVE-2024-37546 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2. | [email protected] | 6.5 | 0.09% | 2024-07-06 | 2024-11-21 |
| CVE-2024-5001 | The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an inje | [email protected] | 6.4 | 0.22% | 2024-06-06 | 2026-04-08 |
| CVE-2023-25962 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions. | [email protected] | 5.9 | 0.21% | 2023-05-04 | 2024-11-21 |
| CVE-2022-45831 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 2.8 versions. | [email protected] | 7.1 | 0.29% | 2023-03-28 | 2024-11-21 |
| CVE-2022-4207 | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin ma | [email protected] | 5.5 | 0.27% | 2022-12-13 | 2024-11-21 |
| CVE-2022-45082 | Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key. | [email protected] | 3.4 | 0.21% | 2022-11-18 | 2024-11-21 |
| CVE-2022-42459 | Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | [email protected] | 7.2 | 0.66% | 2022-11-18 | 2024-11-21 |
| CVE-2022-38104 | Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress. | [email protected] | 7.2 | 0.95% | 2022-10-21 | 2024-11-21 |
| CVE-2022-2937 | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers | [email protected] | 6.4 | 0.17% | 2022-09-23 | 2024-11-21 |
| CVE-2022-2936 | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if | [email protected] | 6.4 | 0.17% | 2022-09-06 | 2024-11-21 |
| CVE-2022-2935 | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, how | [email protected] | 6.4 | 0.17% | 2022-09-06 | 2024-11-21 |
| CVE-2022-33970 | Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. | [email protected] | 7.2 | 1.12% | 2022-07-27 | 2024-11-21 |
| CVE-2022-36375 | Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | [email protected] | 7.2 | 1.28% | 2022-07-25 | 2024-11-21 |
| CVE-2022-33969 | Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. | [email protected] | 7.2 | 1.28% | 2022-07-25 | 2024-11-21 |
| CVE-2022-34487 | Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | [email protected] | 9.8 | 48.40% | 2022-07-21 | 2024-11-21 |
| CVE-2022-33198 | Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | [email protected] | 9.8 | 36.76% | 2022-07-21 | 2024-11-21 |
| CVE-2022-29424 | Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress. | [email protected] | 4.8 | 0.22% | 2022-05-20 | 2024-11-21 |