Filtered by vendor Gsplugins
Subscribe
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4624 | 1 Gsplugins | 1 Gs Logo Slider | 2025-04-02 | N/A | 5.4 MEDIUM |
| The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2023-0559 | 1 Gsplugins | 1 Gs Portfolio For Envato | 2025-03-14 | N/A | 5.4 MEDIUM |
| The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0492 | 1 Gsplugins | 1 Gs Products Slider | 2025-03-14 | N/A | 5.4 MEDIUM |
| The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-0540 | 1 Gsplugins | 1 Gs Filterable Portfolio | 2025-03-13 | N/A | 5.4 MEDIUM |
| The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-0541 | 1 Gsplugins | 1 Gs Books Showcase | 2025-03-12 | N/A | 5.4 MEDIUM |
| The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-11746 | 1 Gsplugins | 1 Woocommerce Brands | 2025-02-25 | N/A | 6.4 MEDIUM |
| The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2023-0539 | 1 Gsplugins | 1 Gs Insever Portfolio | 2024-11-21 | N/A | 5.4 MEDIUM |
| The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-40213 | 1 Gsplugins | 1 Gs Testimonial Slider | 2024-11-21 | N/A | 4.1 MEDIUM |
| Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. | |||||
| CVE-2022-35882 | 1 Gsplugins | 1 Gs Testimonial Slider | 2024-11-21 | N/A | 4.8 MEDIUM |
| Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. | |||||
| CVE-2024-7716 | 1 Gsplugins | 1 Gs Logo Slider | 2024-09-25 | N/A | 4.8 MEDIUM |
| The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||