WordPress plugin ForumWP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

WordPress plugin Splash Sync 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...

CVE-2024-11685

The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attacker...

WordPress Parsi Date plugin <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Plugin Parsi Date versions = 5.1.1...

WordPress plugin Premium Packages 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg vulnerability

Reflected Cross-Site Scripting via addqueryarg vulnerability discovered by Peter Thaleikis in WordPress Plugin WPDM – Premium Packages versions = 5.9.3...

CVE-2024-11371

The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

PT-2024-17007 · WordPress · Contestswp

Name of the Vulnerable Software and Affected Versions: ContestsWP plugin for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without proper escaping on the URL. This allows unauthenticated attackers...

WordPress Co-marquage service-public.fr plugin <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Plugin Co-marquage service-public.fr versions = 0.5.76...

WordPress Ashe theme <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Theme Ashe versions = 2.243...

PT-2024-39835 · WordPress · Ashe Theme For Wordpress

Name of the Vulnerable Software and Affected Versions: Ashe theme for WordPress versions up to, and including, 2.243 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticated attackers t...

WordPress plugin PeproDev WooCommerce Receipt Uploader 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-39720 · WordPress · Bulkpress

Name of the Vulnerable Software and Affected Versions: BulkPress plugin for WordPress versions up to, and including, 0.3.5 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts into pages...

CVE-2024-10265

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for...

WordPress plugin Seriously Simple Podcasting 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Seriously Simple...

CVE-2024-9896

The BBP Core – Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated...

WordPress BBP Core plugin <= 1.2.5 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by Colin Xu in WordPress Plugin BBP Core versions = 1.2.5...

PT-2024-39216 · WordPress · Wedevs Recaptcha Integration For Wordpress

Name of the Vulnerable Software and Affected Versions: ReCaptcha Integration for WordPress plugin versions 1.2.5 and earlier Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without proper escaping on the URL. This allows unauthenticated attacker...

CVE-2024-8792

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...