📦

blog_filter

Vendor: awplife

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 4 Total Indexed

Avg. EPSS 0.10% Exploit Prob.

Latest CVE CVE-2023-5291 Oct 04

Security Vulnerability Index

Page 1 / 1

6.4 CVSS

CVE-2023-5291

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS: 0.11%

Severity: MEDIUM

Oct 04, 2023

6.4 CVSS

CVE-2023-5295

The Comments by Startbit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS: 0.08%

Severity: MEDIUM

Sep 30, 2023

Displaying 2 of 4 Total Entries

Total 1 Sections