| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1.
|
| The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFA_guardar_cbfa() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Web Player allows Stored XSS.This issue affects Podlove Web Player: from n/a through 5.7.1.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alordiel Dropdown Multisite selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through 0.9.2.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS.This issue affects Premium Packages: from n/a through 5.8.2.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.This issue affects WP-Lister Lite for Amazon: from n/a through <= 2.6.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through <= 4.7.9.1. |
| The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze allows Stored XSS.This issue affects Breeze: from n/a through <= 2.1.14. |
| The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.
|
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Print Page block allows Stored XSS.This issue affects Print Page block: from n/a through 1.0.8.
|
| Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Solutions Creative Image Slider – Responsive Slider Plugin allows Reflected XSS.This issue affects Creative Image Slider – Responsive Slider Plugin: from n/a through 2.1.3.
|
| Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3. |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS.This issue affects Tumult Hype Animations: from n/a through 1.9.11. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.75.
|
| Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1.
|
