7 matches found
PT-2025-6160
Name of the Vulnerable Software and Affected Versions: Stray Random Quotes WordPress plugin versions 1.9.9 and earlier
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in...
Slimstat Analytics < 5.0.9 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
nuajik CDN <= 0.1.0 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WRC Pricing Tables < 2.3.9 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
a3 Portfolio < 3.1.1 - Author+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks...
Woocommerce Vietnam Checkout < 2.0.5 - Reflected XSS
The plugin does not sanitise and escape the from and to parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Uber: XSS in getrush.uber.com
https://getrush.uber.com/business?utmcampaign=tttttt%27%3C/script%3E%3Cscript%3Ealert0%3C/script%3E&utmmedium=top&utmsource=website You need to escape the utmcampaign parameter before rendering it in the HTML. Thanks, David Dworken...