CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40663 – WordPress WP VR Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-40663
18 Aug 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Rextheme WP VR en versiones <= 8.3.4. The WP VR plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via tab parameters in versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip... • https://patchstack.com/database/vulnerability/wpvr/wordpress-wp-vr-plugin-8-3-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47449 – WordPress Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-47449
02 Mar 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions. The Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cart_search' parameter in versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pa... • https://patchstack.com/database/vulnerability/cart-lift/wordpress-cart-lift-abandoned-cart-recovery-for-woocommerce-and-edd-plugin-3-1-5-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0174 – WP VR < 8.2.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0174
12 Jan 2023 — The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The WP VR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping on user supplied attribute... • https://wpscan.com/vulnerability/6b53d0e6-def9-4907-bd2b-884b2afa52b3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •