cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4460,https://securityvulnerability.io/vulnerability/CVE-2022-4460,Sidebar Widgets by CodeLights <= 1.4 - Contributor+ Stored XSS,"The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.",Wordpress,Sidebar Widgets By Codelights,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-16T15:38:02.964Z,0
CVE-2022-4619,https://securityvulnerability.io/vulnerability/CVE-2022-4619,Stored Cross-Site Scripting in Sidebar Widgets Plugin for WordPress by CodeLights,"The Sidebar Widgets by CodeLights plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate sanitization of user input in the ‘Extra CSS class’ field. This allows authenticated users with administrator-level access to insert malicious scripts that will execute when other users visit affected pages. This vulnerability specifically impacts multi-site installations or those configurations where unfiltered_html is disabled, posing a significant risk to the integrity and security of user interactions on the site.",Wordpress,Sidebar Widgets By Codelights,5.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-12-20T15:17:07.161Z,0