Turzum/CVE-2021-4034 Resources required for Pluralsight lab CVE-2021-4034 Create: 2023-02-14 02:27:30 +0000 UTC Push: 2023-02-14 02:27:31 +0000 UTC |

Turzum/ps-lab-cve-2021-4034 Resources required for Pluralsight lab CVE-2021-4034 Create: 2023-02-14 02:22:07 +0000 UTC Push: 2023-02-14 02:22:08 +0000 UTC |

Live-Hack-CVE/CVE-2023-0034 The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-02-14 02:07:59 +0000 UTC Push: 2023-02-14 02:08:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-4830 The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as CVE project by @Sn0wAlice Create: 2023-02-14 02:07:55 +0000 UTC Push: 2023-02-14 02:07:58 +0000 UTC |

Live-Hack-CVE/CVE-2022-4783 The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-02-14 02:07:52 +0000 UTC Push: 2023-02-14 02:07:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-4759 The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-02-14 02:07:48 +0000 UTC Push: 2023-02-14 02:07:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-4745 The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example. CVE project by @Sn0wAlice Create: 2023-02-14 02:07:44 +0000 UTC Push: 2023-02-14 02:07:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-4682 The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-02-14 02:07:39 +0000 UTC Push: 2023-02-14 02:07:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-4678 The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice Create: 2023-02-14 02:07:36 +0000 UTC Push: 2023-02-14 02:07:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-4656 The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice Create: 2023-02-14 02:07:32 +0000 UTC Push: 2023-02-14 02:07:34 +0000 UTC |

Live-Hack-CVE/CVE-2022-4628 The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-02-14 02:07:28 +0000 UTC Push: 2023-02-14 02:07:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-4580 The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks CVE project by @Sn0wAlice Create: 2023-02-14 02:07:24 +0000 UTC Push: 2023-02-14 02:07:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-4562 The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice Create: 2023-02-14 02:07:20 +0000 UTC Push: 2023-02-14 02:07:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-4551 The Rich Table of Contents WordPress plugin through 1.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice Create: 2023-02-14 02:07:16 +0000 UTC Push: 2023-02-14 02:07:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-4546 The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. CVE project by @Sn0wAlice Create: 2023-02-14 02:07:12 +0000 UTC Push: 2023-02-14 02:07:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-4512 The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. CVE project by @Sn0wAlice Create: 2023-02-14 02:07:04 +0000 UTC Push: 2023-02-14 02:07:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-4488 The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice Create: 2023-02-14 02:06:58 +0000 UTC Push: 2023-02-14 02:07:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-4473 The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as adm CVE project by @Sn0wAlice Create: 2023-02-14 02:06:54 +0000 UTC Push: 2023-02-14 02:06:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-4471 The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice Create: 2023-02-14 02:06:50 +0000 UTC Push: 2023-02-14 02:06:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-4458 The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such CVE project by @Sn0wAlice Create: 2023-02-14 02:06:46 +0000 UTC Push: 2023-02-14 02:06:48 +0000 UTC |