Skip to main content

Accordion

4 CVEs product

Monthly

CVE-2023-47809 MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accordion
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5666 MEDIUM POC PATCH This Month

The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Accordion
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-24283 MEDIUM POC This Month

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accordion
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-13644 MEDIUM POC This Month

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Accordion
NVD
CVSS 3.1
5.4
EPSS
0.8%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accordion
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Accordion
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accordion
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Accordion
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy