Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
accordion vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-4781
The Accordion Shortcodes WordPress plugin up to and including 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Accordion Shortcodes Project Accordion Shortcodes
NA
CVE-2015-4365
Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to taxonomy terms.
Taxonomy Accordion Project Taxonomy Accordion
5.4
CVSSv3
CVE-2023-5666
The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Themepoints Accordion
5.4
CVSSv3
CVE-2023-47809
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions.
Themepoints Accordion
5.4
CVSSv3
CVE-2020-13644
An issue exists in the Accordion plugin prior to 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part...
Pickplugins Accordion
5.4
CVSSv3
CVE-2023-0373
The Lightweight Accordion WordPress plugin prior to 1.5.15 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
Smartwp Lightweight Accordion
6.1
CVSSv3
CVE-2023-1891
The Accordion & FAQ WordPress plugin prior to 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting
Helpiewp Accordion \\& Faq
5.4
CVSSv3
CVE-2022-4487
The Easy Accordion WordPress plugin prior to 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used a...
Techearty Easy Accordion
5.4
CVSSv3
CVE-2021-24576
The Easy Accordion WordPress plugin prior to 2.0.22 does not properly sanitize inputs when adding new items to an accordion.
Techearty Easy Accordion
5.4
CVSSv3
CVE-2023-5164
The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated att...
Sevenspark Bellows Accordion Menu
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »