Oxilab

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37122 1Oxilab 1Accordions Nov 21, 2024 Jul 22, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Accordions allows Stored XSS.This issue affects Accordions: from n/a through 2.3.5.
CVE-2024-37121 1Oxilab 1Shortcode Addons Nov 21, 2024 Jul 22, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5.
CVE-2024-37120 1Oxilab 1Responsive Tabs Nov 21, 2024 Jul 22, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Tabs allows Stored XSS.This issue affects Tabs: from n/a through 4.0.6.
CVE-2024-37546 1Oxilab 1Image Hover Effects For Elementor With Lightbox And Flipbox Nov 21, 2024 Jul 6, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Ef...Show more Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2.Show less
CVE-2024-5001 1Oxilab 1Image Hover Effects For Elementor With Lightbox And Flipbox Apr 8, 2026 Jun 6, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all v...Show more The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37546 may be a duplicate of this issue.Show less
CVE-2023-25962 1Oxilab 1Accordions Nov 21, 2024 May 4, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions.
CVE-2022-45831 1Oxilab 1Image Hover Effects For Elementor With Lightbox And Flipbox Nov 21, 2024 Mar 28, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 2.8 versions.
CVE-2022-4207 1Oxilab 1Image Hover Effects Ultimate Nov 21, 2024 Dec 13, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization...Show more The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.Show less
CVE-2022-45082 1Oxilab 1Accordions Nov 21, 2024 Nov 18, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key.
CVE-2022-42459 1Oxilab 1Image Hover Effects Ultimate Nov 21, 2024 Nov 18, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress.
CVE-2022-38104 1Oxilab 1Accordions Nov 21, 2024 Oct 21, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on...Show more Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress.Show less
CVE-2022-2937 1Oxilab 1Image Hover Effects Ultimate Nov 21, 2024 Sep 23, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to ins...Show more The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.Show less
CVE-2022-2936 1Oxilab 1Image Hover Effects Ultimate Nov 21, 2024 Sep 6, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient inp...Show more The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.Show less
CVE-2022-2935 1Oxilab 1Image Hover Effects Ultimate Nov 21, 2024 Sep 6, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insuffic...Show more The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.Show less
CVE-2022-33970 1Oxilab 1Shortcode Addons Nov 21, 2024 Jul 27, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress.
CVE-2022-36375 1Oxilab 1Responsive Tabs Nov 21, 2024 Jul 25, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress.
CVE-2022-33969 1Oxilab 1Flipbox Nov 21, 2024 Jul 25, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.
CVE-2022-34487 1Oxilab 1Shortcode Addons Nov 21, 2024 Jul 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.
CVE-2022-33198 1Oxilab 1Accordions Nov 21, 2024 Jul 21, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.
CVE-2022-29424 1Oxilab 1Image Hover Effects Ultimate Nov 21, 2024 May 20, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress.

12 Next