Skip to main content

Juicer

2 CVEs product

Monthly

CVE-2026-53737 MEDIUM This Month

Stored cross-site scripting in the Juicer WordPress plugin (versions through 1.12.18) allows an attacker who controls a connected social media feed source to inject arbitrary JavaScript that executes in a WordPress administrator's browser when the Juicer settings page loads. The plugin fetches remote feed API responses and renders them on the admin settings page without HTML output escaping, enabling script injection via externally controlled data. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 5.3 reflects the passive user interaction requirement limiting broad exploitation.

XSS Juicer
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2023-0172 MEDIUM POC This Month

The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Juicer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 5.3
MEDIUM This Month

Stored cross-site scripting in the Juicer WordPress plugin (versions through 1.12.18) allows an attacker who controls a connected social media feed source to inject arbitrary JavaScript that executes in a WordPress administrator's browser when the Juicer settings page loads. The plugin fetches remote feed API responses and renders them on the admin settings page without HTML output escaping, enabling script injection via externally controlled data. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 5.3 reflects the passive user interaction requirement limiting broad exploitation.

XSS Juicer
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Juicer
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy