
CVE-2014-125109 – BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting
https://notcve.org/view.php?id=CVE-2014-125109
26 Dec 2023 — A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. • https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-23685 – WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23685
13 Feb 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions. The Portfolio – WordPress Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes in versions up to, and including, 2.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scr... • https://patchstack.com/database/vulnerability/tlp-portfolio/wordpress-portfolio-wordpress-portfolio-plugin-plugin-2-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-18087
https://notcve.org/view.php?id=CVE-2018-18087
09 Oct 2018 — The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. • https://github.com/Bixie/pagekit-portfolio/issues/44 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-2171
https://notcve.org/view.php?id=CVE-2017-2171
22 May 2017 — Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Post... • http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-91: XML Injection (aka Blind XPath Injection) •

CVE-2015-6523 – Portfolio Plugin < 1.05 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-6523
20 Jul 2015 — Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php. • http://seclists.org/fulldisclosure/2015/Jul/104 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2012-10017 – BestWebSoft Portfolio Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10017
24 Jul 2012 — A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d • CWE-352: Cross-Site Request Forgery (CSRF) •