| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. |
| Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions. |
| Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.7. |
| A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation. |
