Effect Security Vulnerabilities

CVE-2023-40605

Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6...

CVE-2022-29447

Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at...

CVE-2021-24709

The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like _size_leaf, _flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting...

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting...

CVE-2020-7624

effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options...

CVE-2015-1384

Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to...

CVE-2015-0920

Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the...