Search Results | AttackerKB

Show filters

Topics 3 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2023-6884

Disclosure Date: February 05, 2024 (last updated February 10, 2024)

This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-44580

Disclosure Date: March 15, 2023 (last updated November 08, 2023)

SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Reviews plugin <= 2.2.3 versions.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2022-45369

Disclosure Date: November 18, 2022 (last updated February 24, 2025)

Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.

Attack Vector: Network Privileges: Low User Interaction: None

0