The Email Encoder β Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.4CVSS
6AI Score
0.0004EPSS
The Email Encoder β Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes......
6.4CVSS
5.2AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till KrΓΌss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8...
6.5CVSS
5.8AI Score
0.0004EPSS
The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....
6.4CVSS
5.2AI Score
0.001EPSS
The Email Encoder β Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the...
6.1CVSS
6.3AI Score
0.001EPSS