CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Feb 2023 — The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The GS Insever Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4.4 due to insufficient input sanitization and output esc... • https://wpscan.com/vulnerability/a4b6a83a-6394-4dfc-8bb3-4982867dab7d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jan 2023 — The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The GS Products Slider for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5.8 due to insufficient input ... • https://wpscan.com/vulnerability/ea3b129d-32d8-40e3-b1af-8b92a760db23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jan 2023 — The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The GS Filterable Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.6.0 due to insufficient input sanitization and outp... • https://wpscan.com/vulnerability/b35b3da2-468d-4fe5-bff6-812432197a38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jan 2023 — The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The GS Books Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping ... • https://wpscan.com/vulnerability/8453e587-cc8c-491a-af09-fc4ab215134b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jan 2023 — The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The GS Portfolio for Envato plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.8 due to insufficient input sanitization and ou... • https://wpscan.com/vulnerability/e5549261-66e2-4a5e-8781-bc555b629ccc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Dec 2022 — The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. • https://wpscan.com/vulnerability/e7dc0202-6be4-46fc-a451-fb3a25727b51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Sep 2022 — Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. The GS Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.9.6 due to insufficient in... • https://patchstack.com/database/vulnerability/gs-testimonial/wordpress-gs-testimonial-slider-plugin-1-9-6-multiple-authenticated-stored-cross-site-scripting-xss-vulnerabilities/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Jul 2022 — Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. The GS Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as 'gs_t_client_company' and 'gs_t_client_design' in v... • https://patchstack.com/database/vulnerability/gs-testimonial/wordpress-gs-testimonial-slider-plugin-1-9-1-authenticated-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')