| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonisink yPHPlista yphplista allows Stored XSS.This issue affects yPHPlista: from n/a through <= 1.1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Karam Singh Advanced Video Player with Analytics advanced-video-player-with-analytics allows DOM-Based XSS.This issue affects Advanced Video Player with Analytics: from n/a through <= 1. |
| The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nomaniplex Easy Social Sharebar easy-social-sharebar allows Stored XSS.This issue affects Easy Social Sharebar: from n/a through <= 1.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smajda Pull This pull-this allows DOM-Based XSS.This issue affects Pull This: from n/a through <= 1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through <= 0.5.5. |
| The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Organic Themes GivingPress Lite allows Stored XSS.This issue affects GivingPress Lite: from n/a through 1.8.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Jégo Map Store Locator map-store-location allows DOM-Based XSS.This issue affects Map Store Locator: from n/a through <= 1.2.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Websand Websand Subscription Form websand-subscription-form allows Stored XSS.This issue affects Websand Subscription Form: from n/a through <= 1.0.3. |
| The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MartyThornley Photographer Connections photographer-connections allows Stored XSS.This issue affects Photographer Connections: from n/a through <= 1.3.1. |
| The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer leadboxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through <= 1.3. |
| The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Igor Benic LeanPress leanpress allows Reflected XSS.This issue affects LeanPress: from n/a through <= 1.0.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deepintowp Wc Recently viewed products wc-recently-viewed-products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through <= 1.0.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through <= 1.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin W bbp topic count bbp-topic-count allows DOM-Based XSS.This issue affects bbp topic count: from n/a through <= 3.2. |
