
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Aug 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions. The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output ... • https://patchstack.com/database/vulnerability/jquery-collapse-o-matic/wordpress-collapse-o-matic-plugin-1-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Dec 2022 — The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. • https://wpscan.com/vulnerability/3b5c377c-3148-4373-996c-89851d5e39e5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')