4 matches found
PT-2024-37323 · WordPress · Sign-Up Sheets
Name of the Vulnerable Software and Affected Versions: Sign-up Sheets WordPress plugin versions prior to 2.2.13 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the plugin does not properly escape some generated URLs and the $_SERVER['REQUEST_URI'] parameter...
CVE-2023-4148
The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-6573 · WordPress · Tablesome
Name of the Vulnerable Software and Affected Versions: Tablesome WordPress plugin versions prior to 1.0.9 Description: The issue is related to the Tablesome WordPress plugin, which does not properly escape generated URLs before outputting them in attributes when certain notices are displayed. Thi...
Newsletter < 7.6.9 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. PoC: Make a logged in admin open https://example.com/wp-admin/admin.php?page=newslettersystemstatus"...