CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The Insert Pages WordPress plugin before 3.7.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform S...Show more |
1Insert Pages Project 1Insert Pages Nov 21, 2024 Nov 17, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcod...Show more |
1Insert Pages Project 1Insert Pages Nov 21, 2024 Nov 17, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by...Show more |
1Insert Pages Project 1Insert Pages Nov 21, 2024 Aug 22, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. |