1111468 matches found
CVE-2021-47984
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...
CVE-2021-47983
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...
CVE-2021-47982
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...
CVE-2023-54351
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
CVE-2023-54351
CVE-2023-54351 : WordPress Sonaar Music Plugin 4.7 has a stored XSS vulnerability in the comment functionality. Unauthenticated attackers can submit JavaScript payloads via the comment parameter to wp-comments-post.php, which are stored and later executed in the browsers of users viewing the affe...
CVE-2023-54351 WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers can submit JavaScript payloads in the comment parameter to wp-comments-post.php which are stored an...
CVE-2021-47983 WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...
CVE-2021-47984 WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at...
CVE-2021-47982 WordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers can submit POST requests to the plugin settings page with script payloads in the preset parameter...
CVE-2021-47982
Summary: CVE-2021-47982 affects WordPress plugin WP-Paginate 2.1.3 with a stored XSS via the preset parameter. Authenticated attackers can submit payloads in the preset field through the plugin settings page; payloads are stored and later executed when administrators view the settings. The record...
EUVD-2026-34999
A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=roomtypes. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...
CVE-2026-11468
A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=roomtypes. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...
CVE-2026-11468
SourceCodester Hospitals Patient Records Management System 1.0 is affected by CVE-2026-11468. The issue arises from unknown processing of the file path /admin/?page=room_types, where manipulating the argument room triggers a cross-site scripting (XSS) vulnerability. Exploitation is possible remot...
CVE-2026-11468 SourceCodester Hospitals Patient Records Management System page room_types cross site scripting
A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=roomtypes. Performing a manipulation of the argument room results in cross site scripting. The attack is possible to be carried out...
write-up
Prototype Pollution in JavaScript: The Complete Bug Bounty Hun...
CVE-2026-9281
The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlmacustomjs' Page Setting Custom JS Extension in all versions up to, and including, 3.1.0 due to insufficient input...
CVE-2026-9280
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-8901
The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...
CVE-2026-9594
The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...
CVE-2026-7796
The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping...