Shodan
Vulnerabilities
Vulnerable Software
Fullworksplugins:  Security Vulnerabilities
CVE-2023-1554
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS Score
4.8
EPSS Score
0.001
Published
2023-05-02
CVE-2023-23889
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-25
CVE-2022-47608
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-25
CVE-2023-25702
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-07
CVE-2023-25713
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-04-07
CVE-2023-23885
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-07
CVE-2023-23979
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-04-06
CVE-2022-46863
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-03-28
CVE-2023-23974
Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-01
CVE-2023-23491
The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.
CVSS Score
6.1
EPSS Score
0.077
Published
2023-01-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved