Skip to main content
CVE-2023-6000 MEDIUM POC THREAT This Month

The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.0%.

XSS WordPress Popup Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
64.0%
Threat
4.6
CVE-2023-6485 MEDIUM POC This Month

The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Html5 Video Player
NVD WPScan
CVSS 3.1
5.4
EPSS
1.9%
CVE-2023-6037 MEDIUM POC This Month

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Tripadvisor Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-21732 MEDIUM POC This Month

FlyCms through abbaa5a allows XSS via the permission management feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flycms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy